From 2464a5475215f6428bb8a0bf95ee41c8ebf9319b Mon Sep 17 00:00:00 2001
From: James Frank <james.frank@nih.gov>
Date: Tue, 7 Oct 2025 05:47:28 -0600
Subject: [PATCH 1/2] (#114) Add workflow permissions

Closes #114
---
 .github/workflows/ocpl_cm_standards_check.yml | 2 ++
 .github/workflows/workflow.yml                | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/.github/workflows/ocpl_cm_standards_check.yml b/.github/workflows/ocpl_cm_standards_check.yml
index 1d5f3df..c79fb9b 100644
--- a/.github/workflows/ocpl_cm_standards_check.yml
+++ b/.github/workflows/ocpl_cm_standards_check.yml
@@ -6,4 +6,6 @@ on:
 
 jobs:
   commitlint_remote:
+    permissions:
+      contents: read
     uses: nciocpl/.github/.github/workflows/ocpl_cm_standards_check.yml@workflow/v1
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index 0a4027c..32d9bf8 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -23,6 +23,10 @@ jobs:
   build:
     name: Build, Test and Upload Artifacts
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      packages: read
+      pull-requests: write
     defaults:
       run:
         working-directory: ${{ format('./{0}', inputs.app_path) }}
@@ -144,6 +148,8 @@ jobs:
     ## This job depends on build completing
     needs: build
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Download built app
         uses: actions/download-artifact@v4

From 7120d6b6d9fd8f0b9b96f95fd7d49d68986e3269 Mon Sep 17 00:00:00 2001
From: James Frank <james.frank@nih.gov>
Date: Tue, 7 Oct 2025 06:19:23 -0600
Subject: [PATCH 2/2] (#116) Upgrade CM standards check to v2

Closes #116
---
 .github/workflows/ocpl_cm_standards_check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ocpl_cm_standards_check.yml b/.github/workflows/ocpl_cm_standards_check.yml
index c79fb9b..d4c08d9 100644
--- a/.github/workflows/ocpl_cm_standards_check.yml
+++ b/.github/workflows/ocpl_cm_standards_check.yml
@@ -8,4 +8,4 @@ jobs:
   commitlint_remote:
     permissions:
       contents: read
-    uses: nciocpl/.github/.github/workflows/ocpl_cm_standards_check.yml@workflow/v1
+    uses: nciocpl/.github/.github/workflows/ocpl_cm_standards_check.yml@workflow/v2