From 33c5f477c3100b37af3e4a5ff251283d337f93a6 Mon Sep 17 00:00:00 2001
From: SamerKhshiboun
Date: Mon, 8 Jan 2024 08:24:16 +0200
Subject: [PATCH] Set top level permission for GHA
---
 .github/workflows/main.yml | 2 ++
 .github/workflows/pre-release.yml | 1 +
 .github/workflows/static_analysis.yaml | 2 ++
 3 files changed, 5 insertions(+)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index ecd144d630..5da1956304 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -13,6 +13,8 @@ on:
 # Allows you to run this workflow manually from the Actions tab
 workflow_dispatch:
+permissions: read-all
+
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 # This workflow contains a single job called "build"
diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
index 4b54702bcc..afebcb6542 100644
--- a/.github/workflows/pre-release.yml
+++ b/.github/workflows/pre-release.yml
@@ -23,6 +23,7 @@ on:
 # Allows you to run this workflow manually from the Actions tab
 workflow_dispatch:
+permissions: read-all
 jobs:
 build:
diff --git a/.github/workflows/static_analysis.yaml b/.github/workflows/static_analysis.yaml
index 7672fd6956..26cb9bb20d 100644
--- a/.github/workflows/static_analysis.yaml
+++ b/.github/workflows/static_analysis.yaml
@@ -6,6 +6,8 @@ on:
 pull_request:
 branches: ['**']
+permissions: read-all
+
 jobs:
 cppcheck:
 name: cppcheck
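Review bot: The new top-level `permissions: read-all` in main.yml gives the GITHUB_TOKEN read access to every permission scope, which is wider than a build workflow normally needs; the same line is added in pre-release.yml and static_analysis.yaml. The jobs are outside these hunks, so this is inferred, but if they only check out and build the repository, the narrower default is `permissions:` with `contents: read` beneath it. Any job that needs more can then declare its own `permissions:` block. A comment above the key would record the intent, for example `# Default GITHUB_TOKEN to read-only; jobs that need write access must request it explicitly`.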
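Review bot: In pre-release.yml the read-only default may break publishing, because a step that pushes a tag, creates a release or uploads release assets with the default GITHUB_TOKEN is rejected once the top level is `permissions: read-all`. The body of the `build` job is outside this hunk, so whether it publishes with that token cannot be confirmed from here. If it does, grant the scope on that job only, with a `permissions:` block containing `contents: write` under `build:`, instead of widening the workflow-level default. The same check applies to static_analysis.yaml if the `cppcheck` job uploads results that need a write scope.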