From db4f9ed0c9096ef2f65ae8cc59416b35426626a9 Mon Sep 17 00:00:00 2001
From: vil02 <65706193+vil02@users.noreply.github.com>
Date: Mon, 23 Jun 2025 08:38:59 +0200
Subject: [PATCH] chore: set permissions

---
 .github/workflows/build.yml                  | 7 +++++--
 .github/workflows/directory_workflow.yml     | 3 +++
 .github/workflows/stale.yml                  | 6 ++++++
 .github/workflows/upload_coverage_report.yml | 3 +++
 4 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index db306b460ff..1ab85c40554 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,6 +6,9 @@ name: build
   schedule:
     - cron: '51 2 * * 4'
 
+permissions:
+  contents: read
+
 jobs:
   fmt:
     name: cargo fmt
@@ -14,7 +17,7 @@ jobs:
     - uses: actions/checkout@v4
     - name: cargo fmt
       run: cargo fmt --all -- --check
-   
+
   clippy:
     name: cargo clippy
     runs-on: ubuntu-latest
@@ -22,7 +25,7 @@ jobs:
     - uses: actions/checkout@v4
     - name: cargo clippy
       run: cargo clippy --all --all-targets -- -D warnings
-  
+
   test:
     name: cargo test
     runs-on: ubuntu-latest
diff --git a/.github/workflows/directory_workflow.yml b/.github/workflows/directory_workflow.yml
index 6a34f58bf6b..9595c7ad8cb 100644
--- a/.github/workflows/directory_workflow.yml
+++ b/.github/workflows/directory_workflow.yml
@@ -3,6 +3,9 @@ on:
   push:
     branches: [master]
 
+permissions:
+  contents: read
+
 jobs:
   MainSequence:
     name: DIRECTORY.md
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 203cc941a5e..3e99d1d726d 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -2,8 +2,14 @@ name: 'Close stale issues and PRs'
 on:
   schedule:
     - cron: '0 0 * * *'
+permissions:
+  contents: read
+
 jobs:
   stale:
+    permissions:
+      issues: write
+      pull-requests: write
     runs-on: ubuntu-latest
     steps:
       - uses: actions/stale@v9
diff --git a/.github/workflows/upload_coverage_report.yml b/.github/workflows/upload_coverage_report.yml
index f19a34345a5..ebe347c99e4 100644
--- a/.github/workflows/upload_coverage_report.yml
+++ b/.github/workflows/upload_coverage_report.yml
@@ -9,6 +9,9 @@ on:
       - master
   pull_request:
 
+permissions:
+  contents: read
+
 env:
   REPORT_NAME: "lcov.info"