From e50d2a006f004aa006b82805ef5bab45c9b4038a Mon Sep 17 00:00:00 2001
From: Ismo Vuorinen <ismo@ivuorinen.net>
Date: Wed, 22 Jan 2025 17:29:40 +0200
Subject: [PATCH] fix(ci): stale workflow permissions

---
 .github/workflows/stale.yml |  2 ++
 .pre-commit-config.yaml     | 60 +++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 .pre-commit-config.yaml

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index e185f54..2d0937c 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -21,6 +21,8 @@ jobs:
       contents: write # only for delete-branch option
       issues: write
       pull-requests: write
+      statuses: read
+      packages: read
 
     steps:
       - name: 🚀 Run stale
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..2bd0206
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,60 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: requirements-txt-fixer
+      - id: detect-private-key
+      - id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md]
+      - id: check-case-conflict
+      - id: check-merge-conflict
+      - id: check-executables-have-shebangs
+      - id: check-shebang-scripts-are-executable
+      - id: check-symlinks
+      - id: check-toml
+      - id: check-xml
+      - id: check-yaml
+        args: [--allow-multiple-documents]
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+        args: [--fix=auto]
+      - id: pretty-format-json
+        args: [--autofix, --no-sort-keys]
+
+  - repo: https://github.com/igorshubovych/markdownlint-cli
+    rev: v0.43.0
+    hooks:
+      - id: markdownlint
+        args: [-c, .markdownlint.yaml, --fix]
+
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.35.1
+    hooks:
+      - id: yamllint
+
+  - repo: https://github.com/koalaman/shellcheck-precommit
+    rev: v0.10.0
+    hooks:
+      - id: shellcheck
+
+  - repo: https://github.com/scop/pre-commit-shfmt
+    rev: v3.10.0-2
+    hooks:
+      - id: shfmt
+
+  - repo: https://github.com/rhysd/actionlint
+    rev: v1.7.7
+    hooks:
+      - id: actionlint
+
+  - repo: https://github.com/renovatebot/pre-commit-hooks
+    rev: 39.122.0
+    hooks:
+      - id: renovate-config-validator
+
+  - repo: https://github.com/bridgecrewio/checkov.git
+    rev: '3.2.354'
+    hooks:
+      - id: checkov
+        args:
+          - '--quiet'