From 84e28f2230ff34db3159a5d64396cb2b978e296d Mon Sep 17 00:00:00 2001
From: Juarez Rudsatz
Date: Thu, 14 Mar 2024 19:47:10 -0300
Subject: [PATCH] ci: set permissions for nested workflows
---
 .github/workflows/test-changes.yml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/test-changes.yml b/.github/workflows/test-changes.yml
index 29f07e0d..baea6c53 100644
--- a/.github/workflows/test-changes.yml
+++ b/.github/workflows/test-changes.yml
@@ -204,9 +204,19 @@ jobs:
 call-workflow-codeql:
 needs: test-source-code
- uses: ./.github/workflows/codeql-analysis.yml@master
+ uses: ./.github/workflows/codeql-analysis.yml
+ permissions:
+ actions: read
+ contents: read
+ pull-requests: write
+ security-events: write
 call-workflow-codacity:
 needs: test-source-code
- uses: ./.github/workflows/codacy-analysis.yml@master
+ uses: ./.github/workflows/codacy-analysis.yml
+ permissions:
+ actions: read
+ contents: read
+ pull-requests: write
+ security-events: write
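Review bot: The `permissions:` block added under `call-workflow-codeql` is copied unchanged onto `call-workflow-codacity`, so both nested workflows receive `pull-requests: write` and `security-events: write` whether or not each one uses them. Permissions set on a calling job are the ceiling for the GITHUB_TOKEN inside the reusable workflow, so every step and third-party action in the callee runs with these scopes. The called workflows are not part of this diff, so confirm which scopes each one needs; a job that only uploads analysis results typically needs `security-events: write` and not `pull-requests: write`, in which case that line should be dropped or set to `pull-requests: read`. A short comment above each block, such as `# security-events: write is required to upload SARIF results`, would record why each write scope is granted.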