🚀 Potential fix for code scanning alert no. 8: Workflow does not contain permissions (#71)

* Potential fix for code scanning alert no. 8: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* fix(actions) restrict permission of action configuration files

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Fabien Casenave <fabien.casenave@safrangroup.com>

Author: 3 people

.github/workflows/checksum_release.yml

@@ -5,6 +5,9 @@ on:
   release:
     types: [created]
 
+permissions:
+  contents: read
+
 jobs:
   get-sha256:
     runs-on: ubuntu-latest

.github/workflows/doc.yml

@@ -6,6 +6,9 @@ on:
   schedule:
     - cron: '0 0 * * *'  # Every day at 00:00 UTC
 
+permissions:
+  contents: read
+
 jobs:
   doc:
     runs-on: ubuntu-latest

.github/workflows/draft-pdf.yml

@@ -1,4 +1,8 @@
 name: Draft JOSS PDF
+
+permissions:
+  contents: read
+
 on:
   push:
     paths:

.github/workflows/lint-format-check.yaml

@@ -1,5 +1,8 @@
 name: Lint, format and type check
 
+permissions:
+  contents: read
+
 on:
   pull_request:
     branches: [main]

.github/workflows/pr-title-checker.yml

@@ -1,5 +1,9 @@
 name: PR Title Checker
 
+permissions:
+  contents: read
+  pull-requests: read
+
 on:
   pull_request:
     types: [opened, edited, synchronize, reopened]

.github/workflows/publish-pypi.yml

@@ -7,6 +7,8 @@ on:
 jobs:
   test:
     name: test
+    permissions:
+      contents: read
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
@@ -56,6 +58,8 @@ jobs:
   build:
     name: Build wheels for multiple Python versions
     needs: test
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
 
     steps:

.github/workflows/testing.yml

@@ -1,5 +1,8 @@
 name: Tests and Examples
 
+permissions:
+  contents: read
+
 on:
   push:
   pull_request: