From 6145b3b1473a358a30cfc18d94826094017eb735 Mon Sep 17 00:00:00 2001
From: "Satadru Pramanik, DO, MPH, MEng" <satadru@gmail.com>
Date: Fri, 13 Dec 2024 19:11:53 -0500
Subject: [PATCH] Adjust workflow permissions (#10963)

Signed-off-by: Satadru Pramanik <satadru@gmail.com>
---
 .github/workflows/Build.yml     | 11 +++++++++--
 .github/workflows/autocheck.yml |  6 ++++++
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/Build.yml b/.github/workflows/Build.yml
index 35902e72f..50a591cfc 100644
--- a/.github/workflows/Build.yml
+++ b/.github/workflows/Build.yml
@@ -4,11 +4,12 @@ on:
   workflow_dispatch:
 env:
   GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # setting GH_TOKEN for the entire workflow
-permissions:                    # Global permissions configuration starts here
+permissions:
   actions: write
   contents: write
   packages: write
-  pull-requests: write          # 'write' access to pull requests
+  pull-requests: write
+  repository-projects: read
 jobs:
   setup:
     if: ${{ ( github.repository_owner == 'chromebrew' ) && ( github.ref_name != 'master' ) }}
@@ -304,5 +305,11 @@ jobs:
       - name: Add Reviewers
         env:
           GH_TOKEN: ${{ secrets.CREW_PR_TOKEN }}
+        permissions:
+          actions: write
+          contents: write
+          packages: write
+          pull-requests: write
+          repository-projects: read
         run: |
           gh pr edit ${PR_NUMBER} --add-reviewer chromebrew/active
diff --git a/.github/workflows/autocheck.yml b/.github/workflows/autocheck.yml
index aa96605bc..c2dbe81b2 100644
--- a/.github/workflows/autocheck.yml
+++ b/.github/workflows/autocheck.yml
@@ -6,6 +6,12 @@ on:
   workflow_dispatch:
 env:
   GH_TOKEN: ${{ secrets.CREW_PR_TOKEN }}
+permissions:
+  actions: write
+  contents: write
+  packages: write
+  pull-requests: write
+  repository-projects: read
 jobs:
   autocheck:
     if: ${{ github.repository_owner == 'chromebrew' }}