From efe32ac333c30d09bcd70802a83b29f4c0ea3780 Mon Sep 17 00:00:00 2001
From: Alex <aleksandrosansan@gmail.com>
Date: Tue, 20 Jun 2023 14:27:03 +0200
Subject: [PATCH] GitHub Workflows security hardening (#5598)

* build: harden frontend-tests.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden frontend-admin-tests.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
---
 .github/workflows/frontend-admin-tests.yml | 3 +++
 .github/workflows/frontend-tests.yml       | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/frontend-admin-tests.yml b/.github/workflows/frontend-admin-tests.yml
index db657536a..3be9e34cc 100644
--- a/.github/workflows/frontend-admin-tests.yml
+++ b/.github/workflows/frontend-admin-tests.yml
@@ -3,6 +3,9 @@ name: "Frontend admin tests powered by Sauce Labs"
 
 on: [push]
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   withplugins:
     name: with plugins
diff --git a/.github/workflows/frontend-tests.yml b/.github/workflows/frontend-tests.yml
index 37dc61bbd..e0d235d2d 100644
--- a/.github/workflows/frontend-tests.yml
+++ b/.github/workflows/frontend-tests.yml
@@ -3,6 +3,9 @@ name: "Frontend tests powered by Sauce Labs"
 
 on: [push]
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   withoutplugins:
     name: without plugins