From bcd22f57c3fc810a2a9ec46b0e25aff3139a80fb Mon Sep 17 00:00:00 2001
From: Michael Volo <volo@rice.edu>
Date: Tue, 6 May 2025 17:54:25 -0600
Subject: [PATCH 1/2] Potential fix for code scanning alert no. 1: Workflow
 does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/tests.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index a6b2387f..9665c58b 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -1,4 +1,7 @@
 name: Tests
+permissions:
+  contents: read
+  statuses: write
 
 on:
   push:

From d3319b92bf944e9b1e7e7c71876f6c54f67052e8 Mon Sep 17 00:00:00 2001
From: Michael Volo <volo@rice.edu>
Date: Tue, 6 May 2025 17:55:13 -0600
Subject: [PATCH 2/2] add id-token

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/tests.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 9665c58b..2f11d2e1 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -2,6 +2,7 @@ name: Tests
 permissions:
   contents: read
   statuses: write
+  id-token: write
 
 on:
   push: