From 9bf7574824f075a9f743a340ad2fbc9f64c2415b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 2 Mar 2026 03:59:28 +0000
Subject: [PATCH 1/2] Initial plan


From fe0b100dfe084c7215ae683b33f532d5e9fd7a14 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 2 Mar 2026 04:01:31 +0000
Subject: [PATCH 2/2] Add permissions: contents: read to all GitHub Actions
 workflow files

Co-authored-by: torosent <17064840+torosent@users.noreply.github.com>
---
 .github/workflows/durabletask-azuremanaged-dev.yml          | 3 +++
 .github/workflows/durabletask-azuremanaged-experimental.yml | 3 +++
 .github/workflows/durabletask-azuremanaged.yml              | 3 +++
 .github/workflows/durabletask-dev.yml                       | 3 +++
 .github/workflows/durabletask-experiment.yml                | 3 +++
 .github/workflows/durabletask.yml                           | 3 +++
 6 files changed, 18 insertions(+)

diff --git a/.github/workflows/durabletask-azuremanaged-dev.yml b/.github/workflows/durabletask-azuremanaged-dev.yml
index 0ba1ece..e842e91 100644
--- a/.github/workflows/durabletask-azuremanaged-dev.yml
+++ b/.github/workflows/durabletask-azuremanaged-dev.yml
@@ -8,6 +8,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   publish-dev:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/durabletask-azuremanaged-experimental.yml b/.github/workflows/durabletask-azuremanaged-experimental.yml
index 444b7f9..ff9e8c2 100644
--- a/.github/workflows/durabletask-azuremanaged-experimental.yml
+++ b/.github/workflows/durabletask-azuremanaged-experimental.yml
@@ -6,6 +6,9 @@ on:
       - main
       - release/*
 
+permissions:
+  contents: read
+
 jobs:
   publish-experimental:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/durabletask-azuremanaged.yml b/.github/workflows/durabletask-azuremanaged.yml
index 852b06d..b2b8369 100644
--- a/.github/workflows/durabletask-azuremanaged.yml
+++ b/.github/workflows/durabletask-azuremanaged.yml
@@ -10,6 +10,9 @@ on:
     branches: 
       - "main"
 
+permissions:
+  contents: read
+
 jobs:
   lint:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/durabletask-dev.yml b/.github/workflows/durabletask-dev.yml
index 09ee4be..ec226b2 100644
--- a/.github/workflows/durabletask-dev.yml
+++ b/.github/workflows/durabletask-dev.yml
@@ -8,6 +8,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   publish-dev:
     # needs: run-tests
diff --git a/.github/workflows/durabletask-experiment.yml b/.github/workflows/durabletask-experiment.yml
index a9d440a..1181567 100644
--- a/.github/workflows/durabletask-experiment.yml
+++ b/.github/workflows/durabletask-experiment.yml
@@ -6,6 +6,9 @@ on:
       - main
       - release/*
 
+permissions:
+  contents: read
+
 jobs:
   publish-experimental:
     # needs: run-tests
diff --git a/.github/workflows/durabletask.yml b/.github/workflows/durabletask.yml
index e7465ef..3be2baf 100644
--- a/.github/workflows/durabletask.yml
+++ b/.github/workflows/durabletask.yml
@@ -10,6 +10,9 @@ on:
     branches: 
       - "main"
 
+permissions:
+  contents: read
+
 jobs:
   lint-and-unit-tests:
     runs-on: ubuntu-latest