From 39d6de3a6f5612b27035b0c33ff7612f79249388 Mon Sep 17 00:00:00 2001
From: John Bampton <jbampton@users.noreply.github.com>
Date: Tue, 24 Dec 2024 21:40:42 +1000
Subject: [PATCH] Add workflow read permissions (#148)

---
 .github/workflows/labeler.yml    | 3 +++
 .github/workflows/linter.yml     | 3 ++-
 .github/workflows/pre-commit.yml | 3 +++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index f4dc7e1..82c6563 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -4,6 +4,9 @@ name: 'Pull Request Labeler'
 on:
   - pull_request_target
 
+permissions:
+  contents: read
+
 jobs:
   label:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index e35b3f9..cc8d0cc 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -5,7 +5,8 @@ on: # yamllint disable-line rule:truthy
   push: null
   pull_request: null
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   build:
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 7d5bb8c..9235835 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -3,6 +3,9 @@ name: Pre-commit
 
 on: [push, pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   pre-commit:
     runs-on: ubuntu-latest