From 31d5677c8e16e20e60e886c1669fd6bf741dbbce Mon Sep 17 00:00:00 2001
From: Damien Grisonnet <dgrisonn@redhat.com>
Date: Thu, 29 Aug 2024 15:09:32 +0200
Subject: [PATCH] .github: add content write perm to release jobs

Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
---
 .github/workflows/gh-workflow-approve.yaml | 3 +++
 .github/workflows/lint-test-chart.yaml     | 3 +++
 .github/workflows/release-chart.yaml       | 5 +++++
 .github/workflows/release.yaml             | 5 +++++
 4 files changed, 16 insertions(+)

diff --git a/.github/workflows/gh-workflow-approve.yaml b/.github/workflows/gh-workflow-approve.yaml
index c63152d1d..e0c8ae839 100644
--- a/.github/workflows/gh-workflow-approve.yaml
+++ b/.github/workflows/gh-workflow-approve.yaml
@@ -8,6 +8,9 @@ on:
     branches:
       - master
 
+permissions:
+  contents: read
+
 jobs:
   approve:
     name: Approve ok-to-test
diff --git a/.github/workflows/lint-test-chart.yaml b/.github/workflows/lint-test-chart.yaml
index 27fd2880c..fa5d3d9d3 100644
--- a/.github/workflows/lint-test-chart.yaml
+++ b/.github/workflows/lint-test-chart.yaml
@@ -6,6 +6,9 @@ on:
       - .github/workflows/lint-test-chart.yaml
       - "charts/metrics-server/**"
 
+permissions:
+  contents: read
+
 jobs:
   lint-test:
     name: Lint & Test
diff --git a/.github/workflows/release-chart.yaml b/.github/workflows/release-chart.yaml
index 34cefd777..8097bb1b3 100644
--- a/.github/workflows/release-chart.yaml
+++ b/.github/workflows/release-chart.yaml
@@ -7,6 +7,9 @@ on:
     paths:
       - charts/metrics-server/Chart.yaml
 
+permissions:
+  contents: read
+
 jobs:
   release:
     name: Release
@@ -15,6 +18,8 @@ jobs:
     defaults:
       run:
         shell: bash
+    permissions:
+      contents: write
     steps:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 277284bfe..cf3ba14d1 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -5,6 +5,9 @@ on:
     types:
       - published
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: build
@@ -12,6 +15,8 @@ jobs:
     defaults:
       run:
         shell: bash
+    permissions:
+      contents: write
     steps:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1