From d64f3cf10da660e0dd7c4ad7693fae1e5e60e564 Mon Sep 17 00:00:00 2001
From: Ashish Kurmi <akurmi@stepsecurity.io>
Date: Sun, 2 Oct 2022 11:26:26 -0700
Subject: [PATCH] ci: add minimum GitHub token permissions for workflows
 Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>

---
 .github/workflows/continuous-integration.yml | 3 +++
 .github/workflows/lint.yml                   | 3 +++
 .github/workflows/phpstan.yml                | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index 03782570..2ecae136 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -8,6 +8,9 @@ env:
   COMPOSER_FLAGS: "--ansi --no-interaction --no-progress --prefer-dist"
   SYMFONY_PHPUNIT_REMOVE_RETURN_TYPEHINT: "1"
 
+permissions:
+  contents: read
+
 jobs:
   tests:
     name: "CI"
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 843ac352..61b56333 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -4,6 +4,9 @@ on:
   - push
   - pull_request
 
+permissions:
+  contents: read
+
 jobs:
   tests:
     name: "Lint"
diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml
index 559fae1d..c638b440 100644
--- a/.github/workflows/phpstan.yml
+++ b/.github/workflows/phpstan.yml
@@ -8,6 +8,9 @@ env:
   COMPOSER_FLAGS: "--ansi --no-interaction --no-progress --prefer-dist"
   SYMFONY_PHPUNIT_VERSION: ""
 
+permissions:
+  contents: read
+
 jobs:
   tests:
     name: "PHPStan"