From b3da5d4c10b72c45d06976c6a8495a55a6ee9e86 Mon Sep 17 00:00:00 2001
From: Aditya Bharadwaj <adityabharadwaj198@gmail.com>
Date: Thu, 21 Nov 2024 14:25:45 +0530
Subject: [PATCH] adding permissions here

---
 ...ackwards_compatibility_marqo_execution.yml | 19 ++++++++++++++++++-
 ...wards_compatibility_marqo_orchestrator.yml |  9 +++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/backwards_compatibility_marqo_execution.yml b/.github/workflows/backwards_compatibility_marqo_execution.yml
index 2b1a82f38..70b4bae66 100644
--- a/.github/workflows/backwards_compatibility_marqo_execution.yml
+++ b/.github/workflows/backwards_compatibility_marqo_execution.yml
@@ -41,7 +41,15 @@ on:
 
 jobs:
   Start-Runner:
-    permissions: write-all
+    permissions:
+      contents: read
+      actions: write
+      id-token: write
+      ec2-actions: write
+      checks: write
+      deployments: write
+      packages: write
+      statuses: write
     name: Start self-hosted EC2 runner
     runs-on: ubuntu-latest
     outputs:
@@ -126,6 +134,15 @@ jobs:
 
   Stop-Runner:
     name: Stop self-hosted EC2 runner
+    permissions:
+      contents: read
+      actions: write
+      id-token: write
+      ec2-actions: write
+      checks: write
+      deployments: write
+      packages: write
+      statuses: write
     needs:
       - Start-Runner # required to get output from the start-runner job
       - backwards_compatibility # required to wait when the main job is done
diff --git a/.github/workflows/backwards_compatibility_marqo_orchestrator.yml b/.github/workflows/backwards_compatibility_marqo_orchestrator.yml
index 035af0be6..ff39c5522 100644
--- a/.github/workflows/backwards_compatibility_marqo_orchestrator.yml
+++ b/.github/workflows/backwards_compatibility_marqo_orchestrator.yml
@@ -144,6 +144,15 @@ jobs:
         from_version: ${{ fromJson(needs.orchestrate.outputs.list) }}
     uses: ./.github/workflows/backwards_compatibility_marqo_execution.yml
     secrets: inherit
+    permissions:
+      contents: read
+      actions: write
+      id-token: write
+      ec2-actions: write
+      checks: write
+      deployments: write
+      packages: write
+      statuses: write
     with:
       from_version: ${{ matrix.from_version }}
       to_version: ${{ needs.orchestrate.outputs.to_version }}