From 50dd290dc1d8b27c2b3a87e711b06c169f8f2424 Mon Sep 17 00:00:00 2001
From: Wenju He <wenju.he@intel.com>
Date: Tue, 28 May 2024 17:33:16 -0700
Subject: [PATCH] [CI] Add Token-Permissions to github workflow files (#518)

Address #516
---
 .github/workflows/on-demand-verification.yml | 3 +++
 .github/workflows/on-push-verification.yml   | 3 +++
 .github/workflows/scheduled-verification.yml | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/.github/workflows/on-demand-verification.yml b/.github/workflows/on-demand-verification.yml
index edef8a7b..0ebe6dd3 100644
--- a/.github/workflows/on-demand-verification.yml
+++ b/.github/workflows/on-demand-verification.yml
@@ -5,6 +5,9 @@
 name: On demand verification
 run-name: 'On demand by ${{ github.actor }}'
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
     inputs:
diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml
index 7e695c5f..c871c991 100644
--- a/.github/workflows/on-push-verification.yml
+++ b/.github/workflows/on-push-verification.yml
@@ -7,6 +7,9 @@
 name: On push & pull-request verification
 run-name: '${{ github.event_name }}: ${{ github.base_ref }} ${{ github.ref_name }}' # github.base_ref null for 'on: push'
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:
diff --git a/.github/workflows/scheduled-verification.yml b/.github/workflows/scheduled-verification.yml
index eec34da1..b798bdfa 100644
--- a/.github/workflows/scheduled-verification.yml
+++ b/.github/workflows/scheduled-verification.yml
@@ -5,6 +5,9 @@
 name: Scheduled verification
 run-name: Scheduled verification
 
+permissions:
+  contents: read
+
 on:
   schedule:
     # Run Sunday & Wednesday at 00:00