From 45262b59aee732bbc4bd59b46ca5f20c67a4462f Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Sun, 21 Apr 2024 20:31:06 +0200
Subject: [PATCH 1/2] Actions: Drop CI permissions for security (where not
 already dropping)

---
 .github/workflows/clang-format.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/clang-format.yml b/.github/workflows/clang-format.yml
index f528509..7b40c47 100644
--- a/.github/workflows/clang-format.yml
+++ b/.github/workflows/clang-format.yml
@@ -3,6 +3,10 @@
 
 name: Enforce clang-format
 
+# Drop permissions to minimum, for security
+permissions:
+  contents: read
+
 on:
   pull_request:
   push:

From 0c61febb89923d5f07fa1e73d36c6a867ab74768 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Sun, 21 Apr 2024 20:31:22 +0200
Subject: [PATCH 2/2] Actions: Allow manual trigger

---
 .github/workflows/clang-format.yml | 1 +
 .github/workflows/linux.yml        | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.github/workflows/clang-format.yml b/.github/workflows/clang-format.yml
index 7b40c47..0236ea3 100644
--- a/.github/workflows/clang-format.yml
+++ b/.github/workflows/clang-format.yml
@@ -12,6 +12,7 @@ on:
   push:
   schedule:
     - cron: '0 2 * * 5'  # Every Friday at 2am
+  workflow_dispatch:
 
 jobs:
   clang-format:
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index 93a1076..d054e7e 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -12,6 +12,7 @@ on:
   push:
   schedule:
     - cron: '0 3 * * 5'  # Every Friday at 3am
+  workflow_dispatch:
 
 jobs:
   linux: