From 57302dc472a7b491fc0c5f615e7a61f8cbb27462 Mon Sep 17 00:00:00 2001
From: nacho <25931366+ignaciosantise@users.noreply.github.com>
Date: Wed, 21 May 2025 16:20:12 -0300
Subject: [PATCH 1/2] fix: added base permissions to workflows

---
 .github/workflows/alpha-release.yml | 3 +++
 .github/workflows/changesets.yml    | 9 +++++++--
 .github/workflows/e2e.yml           | 3 +++
 .github/workflows/expo-preview.yml  | 6 +++++-
 .github/workflows/expo-update.yml   | 6 +++++-
 .github/workflows/pull-request.yml  | 4 ++++
 .github/workflows/snapshot.yml      | 4 ++++
 .github/workflows/verify.yml        | 4 ++++
 8 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/alpha-release.yml b/.github/workflows/alpha-release.yml
index d8ade016..41e1ea13 100644
--- a/.github/workflows/alpha-release.yml
+++ b/.github/workflows/alpha-release.yml
@@ -3,6 +3,9 @@ name: Alpha Release
 on:
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   alpha-release:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/changesets.yml b/.github/workflows/changesets.yml
index 64bb4382..ebdc6f9d 100644
--- a/.github/workflows/changesets.yml
+++ b/.github/workflows/changesets.yml
@@ -1,4 +1,9 @@
-name: Release
+name: Changesets
+
+permissions:
+  contents: read
+  pull-requests: write
+
 on:
   push:
     branches: [main]
@@ -21,7 +26,7 @@ jobs:
       - name: Checkout Repo
         uses: actions/checkout@v4
 
-      - name:
+      - name: Setup Environment
         uses: ./.github/actions/setup
 
       - name: Create Release Pull Request or Publish to NPM
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 3ab77cd0..ea064b61 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -1,5 +1,8 @@
 name: E2E Tests
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
   workflow_call:
diff --git a/.github/workflows/expo-preview.yml b/.github/workflows/expo-preview.yml
index 9117b63a..025959a8 100644
--- a/.github/workflows/expo-preview.yml
+++ b/.github/workflows/expo-preview.yml
@@ -1,4 +1,8 @@
-name: expo-preview
+name: Expo Preview
+
+permissions:
+  contents: read
+
 on:
   workflow_call:
   workflow_dispatch:
diff --git a/.github/workflows/expo-update.yml b/.github/workflows/expo-update.yml
index 45fe1da7..f978afdf 100644
--- a/.github/workflows/expo-update.yml
+++ b/.github/workflows/expo-update.yml
@@ -1,4 +1,8 @@
-name: expo-update
+name: Expo Update
+
+permissions:
+  contents: read
+
 on:
   workflow_call:
   workflow_dispatch:
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 536d7e32..ba68b0f1 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -1,4 +1,8 @@
 name: Pull Request
+
+permissions:
+  contents: read
+
 on:
   pull_request:
     types: [opened, reopened, synchronize, ready_for_review]
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
index b8d1ab43..65787857 100644
--- a/.github/workflows/snapshot.yml
+++ b/.github/workflows/snapshot.yml
@@ -1,4 +1,8 @@
 name: Snapshot
+
+permissions:
+  contents: read
+
 on:
   workflow_call:
   workflow_dispatch:
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
index b2629a57..5f13aa29 100644
--- a/.github/workflows/verify.yml
+++ b/.github/workflows/verify.yml
@@ -1,4 +1,8 @@
 name: Verify
+
+permissions:
+  contents: read
+
 on:
   workflow_call:
   workflow_dispatch:

From d977774f29d0a88ee888b7b951c9ddbbd2d56b7b Mon Sep 17 00:00:00 2001
From: nacho <25931366+ignaciosantise@users.noreply.github.com>
Date: Wed, 21 May 2025 16:24:14 -0300
Subject: [PATCH 2/2] chore: prettier

---
 .github/workflows/alpha-release.yml | 2 +-
 .prettierignore                     | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/alpha-release.yml b/.github/workflows/alpha-release.yml
index 41e1ea13..43d3ba72 100644
--- a/.github/workflows/alpha-release.yml
+++ b/.github/workflows/alpha-release.yml
@@ -57,4 +57,4 @@ jobs:
       - name: Push Changes and Tags
         run: |
           git push --follow-tags
-        shell: bash 
\ No newline at end of file
+        shell: bash
diff --git a/.prettierignore b/.prettierignore
index 196f1a34..6fae63a5 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -1,2 +1,3 @@
 /apps
-.yarn
\ No newline at end of file
+.yarn
+.github/actions
\ No newline at end of file