Restrict workflow permissions to read-only (#155)

tautschnig · web-flow · commit 4f75a5e53fa1 · 2025-12-17T14:47:31.000Z
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,7 +2,8 @@
 # SPDX-License-Identifier: Apache-2.0 OR MIT
 name: Run Unit Tests
 on: pull_request
-
+permissions:
+  contents: read
 
 jobs:
   build:
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -1,6 +1,8 @@
 # Copyright Kani Contributors
 # SPDX-License-Identifier: Apache-2.0 OR MIT
 name: Deploy Extension
+permissions:
+  contents: read
 
 on:
   push:
diff --git a/.github/workflows/format-check.yml b/.github/workflows/format-check.yml
@@ -2,6 +2,8 @@
 # SPDX-License-Identifier: Apache-2.0 OR MIT
 name: Format Check
 on: pull_request
+permissions:
+  contents: read
 
 jobs:
   format-check:
