From a55c4a76939205cbe290db79dc38d3941c423266 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Tue, 14 Oct 2025 21:44:04 +0000
Subject: [PATCH] chore(ci): add permissions to workflow files

---
 .github/workflows/add-asana-comment.yml     |  3 +++
 .github/workflows/add-asana-comment.yml.bak | 16 ++++++++++++++++
 .github/workflows/ci.yml                    |  3 +++
 3 files changed, 22 insertions(+)
 create mode 100644 .github/workflows/add-asana-comment.yml.bak

diff --git a/.github/workflows/add-asana-comment.yml b/.github/workflows/add-asana-comment.yml
index aaa3f6d..e9ad61d 100644
--- a/.github/workflows/add-asana-comment.yml
+++ b/.github/workflows/add-asana-comment.yml
@@ -4,6 +4,9 @@ on:
   pull_request:
     types: [opened]
 
+permissions:
+  contents: read
+
 jobs:
   link-asana-task:
     if: ${{ github.actor != 'dependabot[bot]' }}
diff --git a/.github/workflows/add-asana-comment.yml.bak b/.github/workflows/add-asana-comment.yml.bak
new file mode 100644
index 0000000..aaa3f6d
--- /dev/null
+++ b/.github/workflows/add-asana-comment.yml.bak
@@ -0,0 +1,16 @@
+name: Asana
+
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  link-asana-task:
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: Asana/create-app-attachment-github-action@v1.3
+        id: postAttachment
+        with:
+          asana-secret: ${{ secrets.ASANA_API_ACCESS_KEY }}
+      - run: echo "Status is ${{ steps.postAttachment.outputs.status }}"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ea19ed6..20ffeac 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,6 +9,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   generate:
     runs-on: ubuntu-latest