From c3c8e4145ad70f2333696e27ad3b1f9757601b70 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 31 Jan 2024 02:41:19 -0500
Subject: [PATCH] Add permissions declarations

---
 .github/workflows/check-dist.yml      | 3 +++
 .github/workflows/codeql-analysis.yml | 4 ++++
 .github/workflows/licensed.yml        | 3 +++
 .github/workflows/test.yml            | 3 +++
 4 files changed, 13 insertions(+)

diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml
index cd90053..bee8638 100644
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@@ -6,6 +6,9 @@
 # We need to make sure the checked-in `index.js` actually matches what we expect it to be.
 name: Check dist/
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index e95dbe4..dcf7c1e 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,5 +1,9 @@
 name: "Code scanning - action"
 
+permissions:
+  contents: read
+  security-events: write
+
 on:
   push:
     branches-ignore: "dependabot/**"
diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml
index d99f397..54365f7 100644
--- a/.github/workflows/licensed.yml
+++ b/.github/workflows/licensed.yml
@@ -1,5 +1,8 @@
 name: Licensed
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 8089b19..7913e0d 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -7,6 +7,9 @@ on:
     paths-ignore:
       - '**.md'
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Build and Test