From 2631109aad803b1cff03663783de7e0e22bb5abd Mon Sep 17 00:00:00 2001
From: Roshan Khatri
Date: Tue, 16 Apr 2024 13:34:15 +0000
Subject: [PATCH] Restricting permissions to read on top level

Signed-off-by: Roshan Khatri
---
 .github/workflows/call-build-linux-arm-packages.yml | 5 +++--
 .github/workflows/call-build-linux-x86-packages.yml | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/call-build-linux-arm-packages.yml b/.github/workflows/call-build-linux-arm-packages.yml
index 87cb46fb64..db987b3816 100644
--- a/.github/workflows/call-build-linux-arm-packages.yml
+++ b/.github/workflows/call-build-linux-arm-packages.yml
@@ -29,13 +29,14 @@ on:
 description: The S3 secret access key for the bucket.
 required: false
 
+permissions:
+ contents: read
+
 jobs:
 build-valkey:
 # Capture source tarball and generate checksum for it
 name: Build package ${{ matrix.distro.target }} ${{ matrix.distro.arch }}
 runs-on: 'ubuntu-latest'
- permissions:
- contents: read
 strategy:
 fail-fast: false
 matrix: ${{ fromJSON(inputs.build_matrix) }}
diff --git a/.github/workflows/call-build-linux-x86-packages.yml b/.github/workflows/call-build-linux-x86-packages.yml
index 022793d5c2..59c9fac52f 100644
--- a/.github/workflows/call-build-linux-x86-packages.yml
+++ b/.github/workflows/call-build-linux-x86-packages.yml
@@ -29,13 +29,14 @@ on:
 description: The S3 secret access key for the bucket.
 required: false
 
+permissions:
+ contents: read
+
 jobs:
 build-valkey:
 # Capture source tarball and generate checksum for it
 name: Build package ${{ matrix.distro.target }} ${{ matrix.distro.arch }}
 runs-on: 'ubuntu-latest'
- permissions:
- contents: read
 strategy:
 fail-fast: false
 matrix: ${{ fromJSON(inputs.build_matrix) }}
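Review bot: The new top-level `permissions:` block in call-build-linux-arm-packages.yml (and the identical one in call-build-linux-x86-packages.yml) has no comment saying that it is now the default for every job in the file, or that listing only `contents: read` sets every other GITHUB_TOKEN scope to none. I would add `# Least-privilege default for GITHUB_TOKEN: unlisted scopes are none; a job that needs more must declare its own permissions block.` above it, so that a later job needing, say, `id-token: write` gets a job-level grant instead of a widened top-level one. These files look like reusable workflows (the `on:` block declares secrets), and a called workflow can only keep or reduce what the caller's token has, so the calling workflows are worth checking for the same top-level restriction; they are not part of this patch. The `jobs:` section continues past the hunk, so whether any step relies on a scope other than contents cannot be confirmed from here.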