From 3a5a5235d64d7c2a4da62527dfd43bf2be223f16 Mon Sep 17 00:00:00 2001
From: Min M Xu <min.m.xu@intel.com>
Date: Mon, 1 Jul 2024 19:55:00 -0400
Subject: [PATCH] Fix token-perssion issue

Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 .github/workflows/codeql.yml      | 2 +-
 .github/workflows/deny.yml        | 2 ++
 .github/workflows/format.yml      | 3 +++
 .github/workflows/integration.yml | 2 +-
 .github/workflows/main.yml        | 3 +++
 .github/workflows/oss-fuzz.yml    | 5 ++++-
 .github/workflows/unittest.yml    | 3 +++
 7 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 1f7c117..00b47c8 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -21,7 +21,7 @@ on:
     - cron: "0 0 * * 1"
 
 permissions:
-  contents: read
+  contents: read-all
 
 jobs:
   analyze:
diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml
index 8dff79d..dd95814 100644
--- a/.github/workflows/deny.yml
+++ b/.github/workflows/deny.yml
@@ -6,6 +6,8 @@ on:
     pull_request:
       paths-ignore:
         - "**.md"
+permissions:
+  contents: read-all
   
 jobs:
   cargo-deny:
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
index a401132..1314b62 100644
--- a/.github/workflows/format.yml
+++ b/.github/workflows/format.yml
@@ -13,6 +13,9 @@ env:
   AR: llvm-ar
   CC: clang
 
+permissions:
+  contents: read-all
+
 jobs:
   clippy:
     name: Clippy
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 3a855af..cede780 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -13,7 +13,7 @@ env:
   TOOLCHAIN_PROFILE: minimal
 
 permissions:
-  contents: read
+  contents: read-all
 
 jobs:
   integration:
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 7bc0738..a642f4b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,3 +1,6 @@
+permissions:
+  contents: read-all
+
 on:
     push:
       paths-ignore:
diff --git a/.github/workflows/oss-fuzz.yml b/.github/workflows/oss-fuzz.yml
index df08a57..f54833f 100644
--- a/.github/workflows/oss-fuzz.yml
+++ b/.github/workflows/oss-fuzz.yml
@@ -1,6 +1,9 @@
 name: oss-fuzz
 on: [pull_request]
-permissions: {}
+
+permissions:
+  contents: read
+
 jobs:
  Fuzzing:
    runs-on: ubuntu-latest
diff --git a/.github/workflows/unittest.yml b/.github/workflows/unittest.yml
index 39fcf9a..e068877 100644
--- a/.github/workflows/unittest.yml
+++ b/.github/workflows/unittest.yml
@@ -1,3 +1,6 @@
+permissions:
+  contents: read-all
+
 on:
   push:
     paths-ignore: