From 391fb52f1da93f537bbaa4835b092edbd01aebe6 Mon Sep 17 00:00:00 2001
From: Jake Hemstad <jhemstad@nvidia.com>
Date: Wed, 29 Nov 2023 17:29:47 +0000
Subject: [PATCH] Add permissions to verify-devcontainers.

---
 .github/workflows/pr.yml                   | 3 +++
 .github/workflows/verify-devcontainers.yml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 02464dd633..28da0d5df4 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -168,6 +168,9 @@ jobs:
 
   verify-devcontainers:
     name: Verify Dev Containers
+    permissions:
+      id-token: write
+      contents: read
     uses: ./.github/workflows/verify-devcontainers.yml
 
   # This job is the final job that runs after all other jobs and is used for branch protection status checks.
diff --git a/.github/workflows/verify-devcontainers.yml b/.github/workflows/verify-devcontainers.yml
index baa6c2e273..ef9780f820 100644
--- a/.github/workflows/verify-devcontainers.yml
+++ b/.github/workflows/verify-devcontainers.yml
@@ -7,6 +7,9 @@ defaults:
   run:
     shell: bash -euo pipefail {0}
 
+permissions:
+  contents: read
+
 jobs:
   verify-make-devcontainers:
     name: Verify devcontainer files are up-to-date