From e8426f1465a70104ca03b6c743ae97c5afa8604d Mon Sep 17 00:00:00 2001
From: Kenta Kubo <601636+kkebo@users.noreply.github.com>
Date: Sat, 11 Oct 2025 22:18:27 +0900
Subject: [PATCH] ci: restrict permissions

---
 .github/workflows/ci.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 36465d3..896f0f5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,15 +4,20 @@ on:
     branches: ["main"]
   pull_request:
     branches: ["main"]
+permissions: {}
 jobs:
   lint:
     runs-on: ubuntu-24.04-arm
     container: swift:6.2
+    permissions:
+      contents: read
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
       - run: swift format lint -rsp .
   yamllint:
     runs-on: ubuntu-24.04-arm
+    permissions:
+      contents: read
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
       - run: yamllint --version