ci: Fix CodeQL scanning alerts (#278)

Author: vladimir-rangelov

.github/workflows/check-pr.yml

@@ -10,6 +10,8 @@ on:
   push:
     branches:
       - next
+permissions:
+  contents: read
 env:
   HUSKY: 0
 jobs:

.github/workflows/merge-to-main.yml

@@ -2,11 +2,17 @@ name: Attempt to merge next to main
 on:
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   # Check if next can merge into main
   perform_merge:
     name: Perform merge if "next" can merge into "main"
     runs-on: ubuntu-latest
+    permissions:
+      contents: write #because we push - git push origin "main"
+      pull-requests: write # PR updates
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -40,4 +46,4 @@ jobs:
 
     steps:
       - name: Post error message (To-Do)
-        run: echo "Next cannot be merged into main cleanly"
+        run: echo "Next cannot be merged into main cleanly"

.github/workflows/merge-to-next-major.yml

@@ -3,12 +3,17 @@ on:
   workflow_dispatch:
   push:
     branches:
-      - "next"
+      - 'next'
+permissions:
+  contents: read
 
 jobs:
   # Check if next can merge into next-major
   perform_merge:
     name: Perform merge if "next" can merge into "next-major"
+    permissions:
+      contents: write #because we push - git push origin "next-major"
+      pull-requests: write # PR updates
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -69,4 +74,4 @@ jobs:
 
     steps:
       - name: Post error message (To-Do)
-        run: echo "Next cannot be merged into next-major cleanly"
+        run: echo "Next cannot be merged into next-major cleanly"

.github/workflows/release.yml

@@ -5,6 +5,8 @@ on:
     branches:
       - 'main'
       - 'next'
+permissions:
+  contents: read      
 env:
   HUSKY: 0
 jobs: