From 2f3cc3a5cadf9673a6a7b911ad74c979281fbf1a Mon Sep 17 00:00:00 2001
From: zhongliang02
Date: Thu, 9 Jan 2025 11:30:30 +0800
Subject: [PATCH] fix: limit permissions for github workflows (#395)

* fix: limit permissions for github workflows
* fix: removed unnecessary actions read perm
---
 .github/workflows/chromatic.yml | 3 +++
 .github/workflows/ci.yml | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml
index 544cc75..93daa19 100644
--- a/.github/workflows/chromatic.yml
+++ b/.github/workflows/chromatic.yml
@@ -14,6 +14,9 @@ on:
 # List of jobs
 jobs:
 chromatic-deployment:
+ permissions:
+ contents: read
+ checks: write
 # Operating System
 runs-on: ubuntu-latest
 env:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6628848..3432a10 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,6 +10,10 @@ on:
 pull_request:
 types: [opened, synchronize]

+permissions:
+ contents: read
+ checks: write
+
 jobs:
 install:
 name: Install dependencies
@@ -66,6 +70,10 @@ jobs:
 - install
 timeout-minutes: 15
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ actions: write
+ checks: write
 steps:
 - uses: actions/checkout@v4
 - uses: ./.github/actions/setup
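Review bot: In chromatic.yml the token is restricted only on the `chromatic-deployment` job, so a job added to this workflow later would fall back to the repository or organisation default token scopes. Unlike ci.yml, no workflow-level block is added here. A top-level `permissions: {}` above `jobs:` would make deny-by-default the baseline, with the job-level block kept as the explicit grant. The job's steps lie outside the hunk, so it cannot be confirmed from here that any step creates check runs with `GITHUB_TOKEN`. If none does, `checks: write` can be dropped.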
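Review bot: The workflow-level block in ci.yml grants `checks: write` to every job that has no `permissions:` of its own, including `install`, which by its name appears only to install dependencies. A tighter baseline is a top-level block holding only `contents: read`, with `checks: write` granted on the individual jobs that publish check results. A job-level `permissions:` block replaces the workflow-level one rather than merging with it, so each such job must restate `contents: read`, as the last hunk already does.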
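Review bot: The `actions: write` grant in the last hunk of ci.yml is the broadest scope this patch adds, and nothing visible shows which step needs it. The commit message mentions removing an unnecessary actions read permission, yet write access remains; it lets the job token cancel workflow runs, among other things. The job runs on `pull_request` and executes the local `./.github/actions/setup` from the checked-out tree, so the grant should be either justified or removed. If it is needed, record the reason next to it, for example `actions: write # needed by <step name> for <reason>` with the placeholders filled in. The job header and the rest of its steps are outside the hunk.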