From f9a9cf512056006a1e85c8dfeb8a28a31be442c2 Mon Sep 17 00:00:00 2001
From: Milosz Wasilewski
Date: Thu, 23 Jan 2025 19:30:09 +0000
Subject: [PATCH] workflows: update job permissions for test reporting
Test reporting action requires the following permissions: checks: write pull-requests: write This patch adds the required permissions to all jobs that require test reporting. In addition the following permissions are defined: contents: read packages: read These are default values set by github, but need to be manually defined to prevent setting them to "none" as per actions documentation.
Signed-off-by: Milosz Wasilewski
---
 .github/workflows/nightly-build.yml | 6 ++++++
 .github/workflows/pr.yml | 6 ++++++
 .github/workflows/push.yml | 6 ++++++
 .github/workflows/test-pr.yml | 6 ++++++
 4 files changed, 24 insertions(+)
diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml
index 2a01b2e0..93f7c3e5 100644
--- a/.github/workflows/nightly-build.yml
+++ b/.github/workflows/nightly-build.yml
@@ -6,6 +6,12 @@ on:
 # so that build notification emails will be sent out properly.
 - cron: "22 1 * * *" # daily job - pick a random "minute" - top of hour can be busy in github
 
+permissions:
+ checks: write
+ pull-requests: write
+ contents: read
+ packages: read
+
 jobs:
 build-nightly:
 uses: ./.github/workflows/build-yocto.yml
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index c91e410b..768c7c8f 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -3,6 +3,12 @@ name: Build on PR
 on:
 pull_request:
 
+permissions:
+ checks: write
+ pull-requests: write
+ contents: read
+ packages: read
+
 jobs:
 event-file:
 name: "Upload event file"
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index db7ed62a..d3dde8bd 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
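Review bot: The `permissions:` block in nightly-build.yml is added at workflow level, so `checks: write` and `pull-requests: write` reach every job in the file rather than only the jobs that publish test results, which is what the commit message describes; the hunks in pr.yml, push.yml and test-pr.yml have the same shape. A narrower layout keeps `contents: read` and `packages: read` at the top and puts the two write scopes in a `permissions:` mapping on the reporting job (or on the job that calls `./.github/workflows/build-yocto.yml`, if the reporting step lives in that reusable workflow, which this diff does not show). In pr.yml the write scopes would normally not take effect for pull requests from forks, since GitHub issues a read-only token there, so they may be unnecessary in that file. A comment above each block such as `# checks/pull-requests write: required by the test reporting action` would record why the write scopes exist.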
@@ -5,6 +5,12 @@ on:
 branches:
 - main
 
+permissions:
+ checks: write
+ pull-requests: write
+ contents: read
+ packages: read
+
 jobs:
 build:
 uses: ./.github/workflows/build-yocto.yml
diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml
index f609b417..7f7497a4 100644
--- a/.github/workflows/test-pr.yml
+++ b/.github/workflows/test-pr.yml
@@ -8,6 +8,12 @@ on:
 types:
 - completed
 
+permissions:
+ checks: write
+ pull-requests: write
+ contents: read
+ packages: read
+
 jobs:
 retrieve-build-url:
 runs-on: ubuntu-latest
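Review bot: The test-pr.yml block has no comment recording the trust boundary it creates. The `types: - completed` context suggests a `workflow_run` trigger (the trigger key itself is above the hunk); if so, this workflow receives the granted write scopes even when the originating pull request comes from a fork. Whatever it downloads from the PR build (event file, test results) is then untrusted input handled with a write-capable token. I would add a comment above `permissions:` along the lines of `# write token is available for fork PRs here: treat downloaded artifacts as data only, never check out or run PR content`. The jobs list continues past the end of the hunk, so whether the later steps already respect this cannot be checked from the diff.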