From 2e1587295b358d6331a5b62064a8d40a00ee2480 Mon Sep 17 00:00:00 2001
From: Jan Calanog
Date: Tue, 12 Mar 2024 13:43:20 +0100
Subject: [PATCH] security: add permissions block to workflows (#442)
* security: add permissions block to workflows
* Update .github/workflows/test-reporter.yml
---
 .github/workflows/addToAPMProject.yml | 3 +++
 .github/workflows/addToDocsProject.yml | 3 +++
 .github/workflows/labeler.yml | 3 +++
 .github/workflows/test-reporter.yml | 5 +++++
 4 files changed, 14 insertions(+)
diff --git a/.github/workflows/addToAPMProject.yml b/.github/workflows/addToAPMProject.yml
index c70b33f1..f13634df 100644
--- a/.github/workflows/addToAPMProject.yml
+++ b/.github/workflows/addToAPMProject.yml
@@ -3,6 +3,9 @@ on:
 issues:
 types:
 - opened
+permissions:
+ contents: read
+
 jobs:
 add_to_project:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/addToDocsProject.yml b/.github/workflows/addToDocsProject.yml
index d53a9fde..7c3f0f5c 100644
--- a/.github/workflows/addToDocsProject.yml
+++ b/.github/workflows/addToDocsProject.yml
@@ -3,6 +3,9 @@ on:
 issues:
 types:
 - labeled
+permissions:
+ contents: read
+
 jobs:
 add_to_project:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 1df2c91c..a195d819 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -7,6 +7,9 @@ on:
 env:
 MY_GITHUB_TOKEN: ${{ secrets.APM_TECH_USER_TOKEN }}
+permissions:
+ contents: read
+
 jobs:
 triage:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/test-reporter.yml b/.github/workflows/test-reporter.yml
index db771339..8cd5eb42 100644
--- a/.github/workflows/test-reporter.yml
+++ b/.github/workflows/test-reporter.yml
@@ -8,6 +8,11 @@ on:
 types:
 - completed
+permissions:
+ contents: read
+ actions: read
+ checks: write
+
 jobs:
 report:
 runs-on: ubuntu-latest
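Review bot: In `.github/workflows/addToAPMProject.yml` (and the matching hunk in `addToDocsProject.yml`) the block grants `contents: read`, but nothing visible shows the `add_to_project` job reading repository contents; its steps lie outside the hunk. If the job never checks out the repository, `permissions: {}` is the tighter setting. Declaring the block also sets every unlisted scope to `none`, so if a step relies on `GITHUB_TOKEN` to read or update the issue, `issues: read` or `issues: write` has to be listed explicitly; worth confirming against the job steps.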
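Review bot: The `permissions` block added in `.github/workflows/labeler.yml` limits only the automatic `GITHUB_TOKEN`; it has no effect on `MY_GITHUB_TOKEN`, which the context lines show is set from `secrets.APM_TECH_USER_TOKEN` at workflow level and is therefore exposed to every step of every job. That token carries whatever scopes it was issued with, so if the `triage` job authenticates with it, the workflow's effective privilege is unchanged by this hunk. I would move the `env:` entry down to the single step that needs it and add a comment above the block such as `# limits GITHUB_TOKEN only; MY_GITHUB_TOKEN (APM_TECH_USER_TOKEN) is not constrained here`. The trigger and the job steps are outside the hunk, so whether this workflow runs on untrusted pull-request events should be checked there.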
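Review bot: `checks: write` in `.github/workflows/test-reporter.yml` is granted at workflow level, so any job later added to this file inherits it; declaring the block under `report:` (as `jobs.report.permissions`) keeps the write scope on the one job that publishes results. The `types: - completed` context suggests a `workflow_run` trigger, where the data being reported may originate from a run on an untrusted pull request, which is a further reason to keep the write scope narrow. A short comment per scope would also help the next maintainer, e.g. `# actions: read - fetch artifacts of the triggering run` and `# checks: write - publish the report as a check run`, assuming that is what the steps outside the hunk do.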