From 6c7dfa772f7506bfe4695840510e02264f1a1276 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Mon, 20 Oct 2025 21:32:18 -0400
Subject: [PATCH 1/2] Scope down GitHub token permissions for pull_request.yml
---
 .github/workflows/pull_request.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 84f88712..657d1333 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -5,6 +5,10 @@ on:
 #By default, a workflow only runs when a pull_request event's activity type is opened, synchronize, or reopened.
 pull_request:
+
+permissions:
+ contents: read
+
 jobs:
 frontend-tests:
 runs-on: ubuntu-latest
From 448bde8450f992a25bc5804dcc6bd0fa69eb0291 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 11:36:55 -0400
Subject: [PATCH 2/2] Update GitHub Actions workflow with permissions
Add permissions for write access to contents
---
 .github/workflows/publish-adrs.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/publish-adrs.yml b/.github/workflows/publish-adrs.yml
index 1fb3d0d5..721754ac 100644
--- a/.github/workflows/publish-adrs.yml
+++ b/.github/workflows/publish-adrs.yml
@@ -3,6 +3,10 @@ on:
 push:
 branches:
 - main
+
+permissions:
+ contents: write
+
 jobs:
 build-and-publish:
 runs-on: ubuntu-latest
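Review bot: The top-level `permissions:` block added to pull_request.yml carries no comment explaining that every scope it does not list is set to `none` for all jobs in the workflow. The jobs that consume the token (`frontend-tests` onward) continue outside the hunk, so it cannot be confirmed from here that none of them posts PR comments, check runs or similar; if one does, grant that scope on the job itself (for example `pull-requests: write`) rather than widening this block. I would add above the block: `# Least privilege: GITHUB_TOKEN may only read repository contents; all other scopes are none. Grant extra scopes per job.`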
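Review bot: `contents: write` is granted at workflow level in publish-adrs.yml, so every job and every step in the file, including checkout, dependency installation and any third-party action, runs with a token that can push to the repository. Only the start of `build-and-publish` is visible and the jobs section continues outside the hunk; if the write access is needed only by the publishing step, keep the top level at `permissions: { contents: read }` and put `permissions: { contents: write }` under the job that publishes, ideally a job separate from the build. A one-line comment naming what the token writes to would also let later reviewers judge whether the scope is still required.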