From 2e1793adce49029efe688b816cb50f8935f68311 Mon Sep 17 00:00:00 2001
From: Jan Calanog <jan.calanog@elastic.co>
Date: Mon, 19 Feb 2024 22:57:04 +0700
Subject: [PATCH] security: add permissions block to workflows (#2288)

Co-authored-by: Steve Gordon <sgordon@hotmail.co.uk>
---
 .github/workflows/addToProject.yml              | 3 +++
 .github/workflows/labeler.yml                   | 3 +++
 .github/workflows/test-linux-reporter.yml       | 3 +++
 .github/workflows/test-windows-iis-reporter.yml | 3 +++
 .github/workflows/test-windows-reporter.yml     | 3 +++
 5 files changed, 15 insertions(+)

diff --git a/.github/workflows/addToProject.yml b/.github/workflows/addToProject.yml
index ddde4938d..6786189ca 100644
--- a/.github/workflows/addToProject.yml
+++ b/.github/workflows/addToProject.yml
@@ -9,6 +9,9 @@ on:
 env:
   MY_GITHUB_TOKEN: ${{ secrets.APM_TECH_USER_TOKEN }}
 
+permissions:
+  contents: read
+
 jobs:
   assign_one_project:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 7f7718470..bfe0262da 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -5,6 +5,9 @@ on:
   pull_request_target:
     types: [opened]
 
+permissions:
+  contents: read
+
 jobs:
   triage:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/test-linux-reporter.yml b/.github/workflows/test-linux-reporter.yml
index 406a3ed82..e91f77a9b 100644
--- a/.github/workflows/test-linux-reporter.yml
+++ b/.github/workflows/test-linux-reporter.yml
@@ -8,6 +8,9 @@ on:
     types:
       - completed
 
+permissions:
+  contents: read
+
 jobs:
   report:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/test-windows-iis-reporter.yml b/.github/workflows/test-windows-iis-reporter.yml
index 600da2791..94ba359ff 100644
--- a/.github/workflows/test-windows-iis-reporter.yml
+++ b/.github/workflows/test-windows-iis-reporter.yml
@@ -8,6 +8,9 @@ on:
     types:
       - completed
 
+permissions:
+  contents: read
+
 jobs:
   report:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/test-windows-reporter.yml b/.github/workflows/test-windows-reporter.yml
index f61d1a911..ed7ea7772 100644
--- a/.github/workflows/test-windows-reporter.yml
+++ b/.github/workflows/test-windows-reporter.yml
@@ -8,6 +8,9 @@ on:
     types:
       - completed
 
+permissions:
+  contents: read
+
 jobs:
   report:
     runs-on: ubuntu-latest