From d89afb009455ad3d0cd7c304baccc53e62a030eb Mon Sep 17 00:00:00 2001
From: Steve Boyd <emteknetnz@gmail.com>
Date: Tue, 16 Apr 2024 14:51:11 +1200
Subject: [PATCH] ENH Add workflow permissions

---
 .github/workflows/js-prs-issue.yml      | 4 ++++
 .github/workflows/keepalive.yml         | 4 ++++
 .github/workflows/translation-issue.yml | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/.github/workflows/js-prs-issue.yml b/.github/workflows/js-prs-issue.yml
index 09d0882..35756a9 100644
--- a/.github/workflows/js-prs-issue.yml
+++ b/.github/workflows/js-prs-issue.yml
@@ -7,12 +7,16 @@ on:
     - cron: '0 12 1 */3 *'
   workflow_dispatch:
 
+permissions: {}
+
 jobs:
   js-prs-issue:
     name: JS PRs issue
     # Only run cron on the silverstripe account
     if: (github.event_name == 'schedule' && github.repository_owner == 'silverstripe') || (github.event_name != 'schedule')
     runs-on: ubuntu-latest
+    permissions:
+      issues: write
     steps:
       - name: Get Alerts List
         id: get-alerts-list
diff --git a/.github/workflows/keepalive.yml b/.github/workflows/keepalive.yml
index fb87877..6b38ba0 100644
--- a/.github/workflows/keepalive.yml
+++ b/.github/workflows/keepalive.yml
@@ -6,12 +6,16 @@ on:
     - cron: '50 10 4 * *'
   workflow_dispatch:
 
+permissions: {}
+
 jobs:
   keepalive:
     name: Keepalive
     # Only run cron on the silverstripe account
     if: (github.event_name == 'schedule' && github.repository_owner == 'silverstripe') || (github.event_name != 'schedule')
     runs-on: ubuntu-latest
+    permissions:
+      actions: write
     steps:
       - name: Keepalive
         uses: silverstripe/gha-keepalive@v1
diff --git a/.github/workflows/translation-issue.yml b/.github/workflows/translation-issue.yml
index fa06518..91d6322 100644
--- a/.github/workflows/translation-issue.yml
+++ b/.github/workflows/translation-issue.yml
@@ -6,12 +6,16 @@ on:
     - cron: '0 7 1 2,5,8,11 *'
   workflow_dispatch:
 
+permissions: {}
+
 jobs:
   translation-issue:
     name: Translation issue
     # Only run cron on the silverstripe account
     if: (github.event_name == 'schedule' && github.repository_owner == 'silverstripe') || (github.event_name != 'schedule')
     runs-on: ubuntu-latest
+    permissions:
+      issues: write
     steps:
       - name: Translation issue
         uses: silverstripe/gha-issue@v1