From 041e76455426dc62d751b513c0ab1cf0374bc07b Mon Sep 17 00:00:00 2001 From: Miguel Ruiz Date: Fri, 7 Feb 2025 16:03:36 +0100 Subject: [PATCH] Fix CodeQL: actions/missing-workflow-permissions Signed-off-by: Miguel Ruiz --- .github/workflows/ci.yaml | 26 +++++++++----------------- .github/workflows/release.yaml | 4 ++-- 2 files changed, 11 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9ac5a30..2fb104d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,24 +1,24 @@ name: CI on: workflow_dispatch: - push: + push: branches: - v2 pull_request: branches: - v2 types: - - assigned - - opened - - synchronize + - assigned + - opened + - synchronize - reopened - +# Remove all permissions by default +permissions: {} env: KIND_VERSION: "0.12.0" KUBECTL_VERSION: "1.22.0" - jobs: - Validate: + validate: runs-on: ubuntu-20.04 steps: - name: Checkout Code @@ -29,26 +29,20 @@ jobs: uses: actions/setup-go@v5 with: go-version: 1.21.9 - - name: Set Golangci-lint run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2 - - name: Set Shellcheck run: sudo apt-get -qq update && sudo apt-get install -y shellcheck - - name: Verify scripts run: | shellcheck test/*.sh - - name: Build run: make build - name: Lint run: make test-style - - name: Test run: make test - - Build: + build: runs-on: ubuntu-20.04 steps: - name: Checkout Code @@ -59,15 +53,13 @@ jobs: uses: actions/setup-go@v5 with: go-version: 1.21.9 - - name: Build run: make build - uses: actions/upload-artifact@v4 with: name: charts-syncer-binary path: dist/charts-syncer - - Integration: + integration: needs: Build runs-on: ubuntu-latest steps: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6ae898f..464c630 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
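Review bot: With the workflow-level `permissions: {}` added above `env:`, no job declares what it needs, so every job runs with a `GITHUB_TOKEN` that has no scopes. The `validate` and `build` jobs visibly start with a checkout step, which usually works without scopes on a public repository but needs `contents: read` on a private one (worth confirming for this repo). I would add a job-level `permissions:` block with `contents: read` to each job that checks out code, and extend the comment to `# Remove all permissions by default; each job opts in to the scopes it needs`. The job bodies continue outside this hunk.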
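Review bot: The `needs: Build` line under the renamed `integration` job still uses the old capitalised id, while the job it points at is renamed to `build` in the preceding hunk of this file. Change it to `needs: build` so the dependency matches the job id as written. GitHub may match job ids case-insensitively, but the workflow should not depend on that. If the reference does not resolve, the workflow would likely be rejected at validation and no CI checks would run on the pull request. The `integration` job's steps continue outside the hunk.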
@@ -4,11 +4,11 @@ on: push: tags: - "v*.*.*" - +# Remove all permissions by default +permissions: {} jobs: release: runs-on: ubuntu-latest - steps: - name: Checkout uses: actions/checkout@v4
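Review bot: `permissions: {}` is added at workflow level, but the `release` job gets no job-level grant, and only its checkout step is visible in this hunk. If a later step publishes a GitHub release or uploads assets with `GITHUB_TOKEN`, the job will need `permissions:` with `contents: write`, otherwise the first tag push after this change fails at publish time. Please confirm what the remaining steps (outside the hunk) require, and grant exactly that scope on the `release` job rather than at workflow level.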