From 76bfcab5518f8ad8f2743fd7798b6df54cb39345 Mon Sep 17 00:00:00 2001
From: jmeridth <jmeridth@gmail.com>
Date: Mon, 2 Sep 2024 11:30:58 -0500
Subject: [PATCH] fix: code scanning alerts re: workflows permissions

- [x] add permissions to stale workflow
- [x] add permissions to tests workflow
  - [x] remove empty brackers on pull_request branch in tests workflow

Signed-off-by: jmeridth <jmeridth@gmail.com>
---
 .github/workflows/stale.yml | 4 ++++
 .github/workflows/tests.yml | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 063c3c76c9f..1aeb25b78b6 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -3,6 +3,10 @@ on:
   workflow_dispatch:
   schedule:
     - cron: "0 12 * * *"
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
 jobs:
   stale:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 6770585b3e2..3ecf804d727 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -2,8 +2,10 @@ name: GitHub Actions CI
 on:
   push:
     branches: master
-  pull_request: []
+  pull_request:
   merge_group:
+permissions:
+  contents: read
 jobs:
   tests:
     runs-on: ubuntu-latest