set explicit permissions for GitHub workflows - all remaining workflows (#170)

incertum · web-flow · commit 20d5c09a6968 · 2025-10-03T20:07:46.000-07:00
diff --git a/.github/workflows/create_automerge_pr.yml b/.github/workflows/create_automerge_pr.yml
@@ -40,6 +40,10 @@ name: Create automerge PR
 #    types: [..., ready_for_review]
 # ```
 # Unfortunately this will also re-trigger testing evenon a normal user's PR (which may have already been tested), but skipping them causes the checks to reset so this is the best we can do for now.
+
+permissions:
+  contents: read
+
 on:
   workflow_call:
     inputs:
diff --git a/.github/workflows/performance_test.yml b/.github/workflows/performance_test.yml
@@ -1,5 +1,8 @@
 name: Performance test
 
+permissions:
+  contents: read
+
 on:
   workflow_call:
     inputs:
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -1,5 +1,8 @@
 name: Pull request
 
+permissions:
+  contents: read
+
 on:
   pull_request:
     types: [opened, reopened, synchronize]
diff --git a/.github/workflows/swift_package_test.yml b/.github/workflows/swift_package_test.yml
@@ -1,5 +1,8 @@
 name: Swift Matrix
 
+permissions:
+  contents: read
+
 on:
   workflow_call:
     inputs:
