From 170c5115682caba0f00f993d3b0401c451811ac4 Mon Sep 17 00:00:00 2001
From: Erwan MATHIEU
Date: Thu, 23 May 2024 11:49:35 +0200
Subject: [PATCH] Reduce permissions on printer-linter GitHub actions

Previously they had no permission set, so by default all write access. We now specify only the required permissions for each of them.
---
 .github/workflows/printer-linter-pr-diagnose.yml | 3 +++
 .github/workflows/printer-linter-pr-post.yml | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/.github/workflows/printer-linter-pr-diagnose.yml b/.github/workflows/printer-linter-pr-diagnose.yml
index 1be20c45481..67fbe7247f9 100644
--- a/.github/workflows/printer-linter-pr-diagnose.yml
+++ b/.github/workflows/printer-linter-pr-diagnose.yml
@@ -5,6 +5,9 @@ on:
 path:
 - "resources/**"
+permissions:
+ contents: read
+
 jobs:
 printer-linter-diagnose:
 name: Printer linter PR diagnose
diff --git a/.github/workflows/printer-linter-pr-post.yml b/.github/workflows/printer-linter-pr-post.yml
index 8bb1aaf0281..526fdcdbaa1 100644
--- a/.github/workflows/printer-linter-pr-post.yml
+++ b/.github/workflows/printer-linter-pr-post.yml
@@ -5,6 +5,9 @@ on:
 workflows: ["printer-linter-pr-diagnose"]
 types: [completed]
+permissions:
+ issues: write
+
 jobs:
 clang-tidy-results:
 # Trigger the job only if the previous (insecure) workflow completed successfully
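Review bot: The added top-level `permissions:` block in printer-linter-pr-diagnose.yml carries no comment saying why `contents: read` is sufficient. Naming any scope sets every unlisted scope to `none`, so a later step that needs the token for anything else will fail with nothing in the file to explain it. I would put a line above the block such as `# Least privilege: read-only token; every scope not listed here is none.` and confirm it against the job steps, which lie outside this hunk. Separately, the context line `path:` just above the block is not one of GitHub's documented filter keys (`paths` / `paths-ignore`); the event key is not visible here, so it is worth checking that the `resources/**` filter is actually applied.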
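Review bot: With `issues: write` as the only listed scope in printer-linter-pr-post.yml, every other scope on this `workflow_run` job's token becomes `none`. Any step outside this hunk that fetches the diagnose run's artifacts through the API, or that posts on the pull request itself, may therefore also need `actions: read` or `pull-requests: write`; please confirm against the job steps. The context comment calls the upstream workflow insecure, so this is the job that holds a write token while handling output derived from PR content, and keeping the grant this narrow is the right direction. A comment on the block would record that reasoning, e.g. `# Write access limited to posting results; output of the diagnose run is untrusted input.`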