From 24f0d57fb786a5c2c19faa7e65c2d7ccdc5301a1 Mon Sep 17 00:00:00 2001
From: Kari Hamalainen <kari.hamalainen@nordicsemi.no>
Date: Mon, 13 Oct 2025 14:30:13 +0300
Subject: [PATCH] [nrf noup] ci: add default permissions

Scanners report these as missing so lets add them.

Signed-off-by: Kari Hamalainen <kari.hamalainen@nordicsemi.no>
---
 .github/workflows/commit-tags.yml | 5 ++++-
 .github/workflows/manifest-PR.yml | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/commit-tags.yml b/.github/workflows/commit-tags.yml
index 828f0297167..61fc3a6c5bd 100644
--- a/.github/workflows/commit-tags.yml
+++ b/.github/workflows/commit-tags.yml
@@ -6,6 +6,9 @@ on:
             milestoned, demilestoned, assigned, unassigned, ready_for_review,
             review_requested]
 
+permissions:
+  contents: read
+
 jobs:
   commit_tags:
     runs-on: ubuntu-22.04
@@ -16,7 +19,7 @@ jobs:
         echo "$HOME/.local/bin" >> $GITHUB_PATH
 
     - name: Checkout the code
-      uses: actions/checkout@v3
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       with:
         ref: ${{ github.event.pull_request.head.sha }}
         fetch-depth: 0
diff --git a/.github/workflows/manifest-PR.yml b/.github/workflows/manifest-PR.yml
index 47330114652..0f3bd738a36 100644
--- a/.github/workflows/manifest-PR.yml
+++ b/.github/workflows/manifest-PR.yml
@@ -5,6 +5,8 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
 
 jobs:
   call-manifest-pr-action: