From 8009a66184de2ac66539f509d5c69fdc5e2f161c Mon Sep 17 00:00:00 2001
From: William Allen <william.allen@kitware.com>
Date: Sat, 31 Jan 2026 16:16:41 -0500
Subject: [PATCH] Change CI permissions to read-only

The `pull-requests: write` [permission](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#permissions) allows the GITHUB_TOKEN to be used to label, comment on, and perform other interactions with the pull request.  Neither of these workflow files require these permissions.  Minimum permission is best practice.
---
 .github/workflows/main.yml          | 1 -
 .github/workflows/netcdf4_adios.yml | 1 -
 2 files changed, 2 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 5ea34931d..951566021 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -3,7 +3,6 @@ name: CI - OS and MPI
 
 permissions:
   contents: read
-  pull-requests: write
 
 on:
   push:
diff --git a/.github/workflows/netcdf4_adios.yml b/.github/workflows/netcdf4_adios.yml
index d8832f2fe..f3e9630e6 100644
--- a/.github/workflows/netcdf4_adios.yml
+++ b/.github/workflows/netcdf4_adios.yml
@@ -3,7 +3,6 @@ name: CI - NetCDF4 and ADIOS
 
 permissions:
   contents: read
-  pull-requests: write
 
 on:
   push: