From 59ef9ebbf49c1436db6548e384273cb9e9a29890 Mon Sep 17 00:00:00 2001
From: Jan Calanog <jan.calanog@elastic.co>
Date: Sun, 18 Feb 2024 02:11:56 +0700
Subject: [PATCH] security: add permissions block to workflows

---
 .github/workflows/addToProject.yml | 3 +++
 .github/workflows/labeler.yml      | 3 +++
 .github/workflows/test-docs.yml    | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/.github/workflows/addToProject.yml b/.github/workflows/addToProject.yml
index cee67c2..6b5becd 100644
--- a/.github/workflows/addToProject.yml
+++ b/.github/workflows/addToProject.yml
@@ -7,6 +7,9 @@ on:
 env:
   MY_GITHUB_TOKEN: ${{ secrets.APM_TECH_USER_TOKEN }}
 
+permissions:
+  contents: read
+
 jobs:
   assign_one_project:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index e864f28..dd77007 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -7,6 +7,9 @@ on:
 env:
   MY_GITHUB_TOKEN: ${{ secrets.APM_TECH_USER_TOKEN }}
 
+permissions:
+  contents: read
+
 jobs:
   triage:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/test-docs.yml b/.github/workflows/test-docs.yml
index 40171cb..74476b1 100644
--- a/.github/workflows/test-docs.yml
+++ b/.github/workflows/test-docs.yml
@@ -10,6 +10,9 @@ on:
       - '!**/*.md'
       - '!**/*.asciidoc'
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest