build(ci): use explicit permissions in workflows

h4l · h4l · commit eb8e8fc39615 · 2024-12-22T09:31:02.000Z
This addresses CodeQL Rule ID actions/missing-workflow-permissions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,4 +1,6 @@
 name: "Main"
+permissions:
+  contents: read
 on:
   push:
     branches:
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -1,4 +1,6 @@
 name: publish
+permissions:
+  contents: read
 on:
   push:
     tags:
@@ -54,6 +56,7 @@ jobs:
     environment: release
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       # IMPORTANT: this permission is mandatory for trusted publishing
       id-token: write
     steps:
