Added explicit permissions to all GitHub action workflows (jwngr#306)

jwngr · web-flow · commit b10755a97b96 · 2025-10-11T18:56:18.000-07:00
diff --git a/.github/workflows/firebase-hosting-merge.yml b/.github/workflows/firebase-hosting-merge.yml
@@ -1,8 +1,13 @@
 name: Deploy prod frontend on merge
+
 on:
   push:
     branches:
       - main
+
+permissions:
+  contents: read
+
 jobs:
   build_and_deploy:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/firebase-hosting-pull-request.yml b/.github/workflows/firebase-hosting-pull-request.yml
@@ -1,9 +1,12 @@
 name: Deploy frontend preview on PR
+
 on: pull_request
+
 permissions:
   checks: write
   contents: read
   pull-requests: write
+
 jobs:
   build_and_preview:
     if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
diff --git a/.github/workflows/frontend-ci.yml b/.github/workflows/frontend-ci.yml
@@ -1,5 +1,10 @@
 name: Run Frontend CI on push
+
 on: [push]
+
+permissions:
+  contents: read
+
 jobs:
   frontend-ci:
     runs-on: ubuntu-latest
