From c3ee53da08bff5c448683b9a1741c722d4910374 Mon Sep 17 00:00:00 2001
From: "Thing-han, Lim" <15379156+potsrevennil@users.noreply.github.com>
Date: Tue, 3 Dec 2024 10:58:10 +0800
Subject: [PATCH] ci: set top-level permissions as read-all for code scanning

Signed-off-by: Thing-han, Lim <15379156+potsrevennil@users.noreply.github.com>
---
 .github/workflows/bench.yml              | 2 ++
 .github/workflows/bench_ec2_reusable.yml | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml
index 002015c10..c1bdc4c7e 100644
--- a/.github/workflows/bench.yml
+++ b/.github/workflows/bench.yml
@@ -13,6 +13,8 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions: read-all
+
 jobs:
   bench:
     permissions:
diff --git a/.github/workflows/bench_ec2_reusable.yml b/.github/workflows/bench_ec2_reusable.yml
index 4d05d6141..15cb44b33 100644
--- a/.github/workflows/bench_ec2_reusable.yml
+++ b/.github/workflows/bench_ec2_reusable.yml
@@ -67,6 +67,9 @@ env:
   AWS_ROLE: arn:aws:iam::559050233797:role/mlkem-c-aarch64-gh-action
   AMI_UBUNTU_LATEST_X86_64: ami-0e86e20dae9224db8
   AMI_UBUNTU_LATEST_AARCH64: ami-096ea6a12ea24a797
+
+permissions: read-all
+
 jobs:
   start-ec2-runner:
     name: Start ${{ inputs.name }} (${{ inputs.ec2_instance_type }})