Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#4274)

jiaren-wu · github-advanced-security[bot] · Copilot · web-flow · commit 6e46b42bf4d3 · 2025-10-13T11:08:35.000-07:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
Co-authored-by: Copilot &lt;198982749+Copilot@users.noreply.github.com&gt;
Co-authored-by: jiaren-wu &lt;190862939+jiaren-wu@users.noreply.github.com&gt;
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/.github/workflows/arc-update-runners-scheduled.yaml b/.github/workflows/arc-update-runners-scheduled.yaml
@@ -1,6 +1,9 @@
 # This workflows polls releases from actions/runner and in case of a new one it
 # updates files containing runner version and opens a pull request.
 name: Runner Updates Check (Scheduled Job)
+permissions:
+  pull-requests: write
+  contents: write
 
 on:
   schedule:
diff --git a/.github/workflows/global-run-first-interaction.yaml b/.github/workflows/global-run-first-interaction.yaml
@@ -1,5 +1,10 @@
 name: First Interaction
 
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
 on:
   issues:
     types: [opened]
