From e147c6dcd94970695d6c0cb79ef8dcba629d57a4 Mon Sep 17 00:00:00 2001
From: tsteven4 <13596209+tsteven4@users.noreply.github.com>
Date: Mon, 23 Dec 2024 16:34:44 -0700
Subject: [PATCH 1/3] fix code scanning "Workflow does not contain permissions"
---
 .github/workflows/ubuntu.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml
index f8e3e1f42..68a9e92d6 100644
--- a/.github/workflows/ubuntu.yml
+++ b/.github/workflows/ubuntu.yml
@@ -1,4 +1,6 @@
 name: "ubuntu"
+permissions:
+ contents: read
 on:
 push:
From 5aedacbb6418fca3c67c530e2575a58ae4d73ce5 Mon Sep 17 00:00:00 2001
From: tsteven4 <13596209+tsteven4@users.noreply.github.com>
Date: Mon, 23 Dec 2024 18:16:36 -0700
Subject: [PATCH 2/3] restrict workflow permissions
---
 .github/workflows/codacy-analysis.yaml | 2 ++
 .github/workflows/fedora.yml | 2 ++
 .github/workflows/gendocs.yml | 2 ++
 3 files changed, 6 insertions(+)
diff --git a/.github/workflows/codacy-analysis.yaml b/.github/workflows/codacy-analysis.yaml
index 1a33418ba..babe744ba 100644
--- a/.github/workflows/codacy-analysis.yaml
+++ b/.github/workflows/codacy-analysis.yaml
@@ -1,4 +1,6 @@
 name: Codacy clang-tidy
+permissions:
+ contents: read
 on:
 push:
diff --git a/.github/workflows/fedora.yml b/.github/workflows/fedora.yml
index ca26eda9c..788084c91 100644
--- a/.github/workflows/fedora.yml
+++ b/.github/workflows/fedora.yml
@@ -1,4 +1,6 @@
 name: "fedora"
+permissions:
+ contents: read
 on:
 schedule:
diff --git a/.github/workflows/gendocs.yml b/.github/workflows/gendocs.yml
index a6b64fb8a..5147c97fb 100644
--- a/.github/workflows/gendocs.yml
+++ b/.github/workflows/gendocs.yml
@@ -1,4 +1,6 @@
 name: "gendocs"
+permissions:
+ contents: read
 on:
 push:
From 1dd0f957ece8d023169c76e677a67d8d52985297 Mon Sep 17 00:00:00 2001
From: tsteven4 <13596209+tsteven4@users.noreply.github.com>
Date: Mon, 23 Dec 2024 18:30:34 -0700
Subject: [PATCH 3/3] lockdown permissions
---
 .github/workflows/codacy-analysis.yaml | 3 +--
 .github/workflows/fedora.yml | 3 +--
 .github/workflows/gendocs.yml | 3 +--
 .github/workflows/ubuntu.yml | 3 +--
 4 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/codacy-analysis.yaml b/.github/workflows/codacy-analysis.yaml
index babe744ba..e36eb7efd 100644
--- a/.github/workflows/codacy-analysis.yaml
+++ b/.github/workflows/codacy-analysis.yaml
@@ -1,6 +1,5 @@
 name: Codacy clang-tidy
-permissions:
- contents: read
+permissions: {}
 on:
 push:
diff --git a/.github/workflows/fedora.yml b/.github/workflows/fedora.yml
index 788084c91..b97886d68 100644
--- a/.github/workflows/fedora.yml
+++ b/.github/workflows/fedora.yml
@@ -1,6 +1,5 @@
 name: "fedora"
-permissions:
- contents: read
+permissions: {}
 on:
 schedule:
diff --git a/.github/workflows/gendocs.yml b/.github/workflows/gendocs.yml
index 5147c97fb..d800b4dd9 100644
--- a/.github/workflows/gendocs.yml
+++ b/.github/workflows/gendocs.yml
@@ -1,6 +1,5 @@
 name: "gendocs"
-permissions:
- contents: read
+permissions: {}
 on:
 push:
diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml
index 68a9e92d6..6fbf4043c 100644
--- a/.github/workflows/ubuntu.yml
+++ b/.github/workflows/ubuntu.yml
@@ -1,6 +1,5 @@
 name: "ubuntu"
-permissions:
- contents: read
+permissions: {}
 on:
 push:
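Review bot: `permissions: {}` at the workflow level removes every GITHUB_TOKEN scope from every job, including the `contents: read` the previous two patches granted, and the job bodies that would show whether a step still relies on the token are outside the hunk (the fedora.yml, gendocs.yml and ubuntu.yml hunks make the same change). On a public repository `actions/checkout` generally still clones with an empty grant, but any step that calls the GitHub API with `GITHUB_TOKEN` — uploading analysis results, posting annotations, pushing generated output — would now fail at run time rather than at parse time, so the first run of each workflow after this lands should be checked. If a job does need a scope, grant it on that job instead of restoring the workflow-level grant, i.e. under the job add `permissions:` / `  contents: read`, which keeps the empty default for the others. A comment above the key, `# no default token scopes; grant per job where a step needs one`, would record the intent for the next editor.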