From 154ce1e3b1d7f1f56e457ac1a3a6cce843e5d7b1 Mon Sep 17 00:00:00 2001
From: Brad Keryan
Date: Thu, 22 May 2025 07:58:01 -0500
Subject: [PATCH] github: Specify required permissions for each job
---
 .github/workflows/CI.yml | 5 ++++-
 .github/workflows/PR.yml | 3 +++
 .github/workflows/report_test_results.yml | 7 +++----
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index bee61bad5..5670e1bcc 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -27,4 +27,7 @@ jobs:
 name: Report test results
 uses: ./.github/workflows/report_test_results.yml
 needs: [run_unit_tests, run_system_tests]
- if: always()
\ No newline at end of file
+ if: always()
+ permissions:
+ checks: write
+ pull-requests: write
diff --git a/.github/workflows/PR.yml b/.github/workflows/PR.yml
index 495377ab9..6933dedad 100644
--- a/.github/workflows/PR.yml
+++ b/.github/workflows/PR.yml
@@ -16,3 +16,6 @@ jobs:
 run_ci:
 name: Run CI
 uses: ./.github/workflows/CI.yml
+ permissions:
+ checks: write
+ pull-requests: write
diff --git a/.github/workflows/report_test_results.yml b/.github/workflows/report_test_results.yml
index f00ec9256..0e905f7d9 100644
--- a/.github/workflows/report_test_results.yml
+++ b/.github/workflows/report_test_results.yml
@@ -4,14 +4,13 @@ on:
 workflow_call:
 workflow_dispatch:
 
-permissions:
- checks: write
- pull-requests: write
-
 jobs:
 report_test_results:
 name: Report test results
 runs-on: ubuntu-latest
+ permissions:
+ checks: write
+ pull-requests: write
 steps:
 - name: Check out repo
 uses: actions/checkout@v4
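Review bot: In .github/workflows/CI.yml only `report_test_results` receives a `permissions:` block; the jobs named in `needs: [run_unit_tests, run_system_tests]` are not touched by this hunk. Because PR.yml now passes `checks: write` and `pull-requests: write` into this workflow (the `run_ci` hunk), any job here without its own block can receive up to those scopes, and the test jobs are presumably the ones that run code from the pull request. If they do not already narrow the token outside the hunk, give each of them `permissions:` with `contents: read` so that only the reporting job holds write access. The `jobs:` mapping starts above the hunk, so this cannot be confirmed from the patch alone.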
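Review bot: The `permissions:` block added to `run_ci` in .github/workflows/PR.yml has no comment saying that it is an upper bound for everything CI.yml calls, rather than a grant needed by `run_ci` itself. A called workflow can only reduce the caller's token, so trimming this block later can make the nested report job fail, and widening it widens every job in CI.yml. A one-line comment above it would record that, e.g. `# Upper bound for CI.yml; report_test_results needs these to publish results`. It is also worth checking whether any other workflow calls CI.yml, since the diffstat shows only PR.yml being updated as a caller.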
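Review bot: The job-level block in .github/workflows/report_test_results.yml lists only `checks` and `pull-requests`, which leaves `contents` at `none` even though the first step is `actions/checkout@v4`. This matches the workflow-level block being removed, so it is not a regression, but it presumably works only because the repository is public; adding `contents: read` states the requirement explicitly. Since this job's token carries write scopes, consider also setting `persist-credentials: false` under the checkout step's `with:`, unless a later step needs git credentials. The step list continues past the end of the hunk.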