From d3d0381d2cbc50d7e4c1ccc7c0f3393cb41db630 Mon Sep 17 00:00:00 2001
From: Michael Bull
Date: Sat, 2 Mar 2024 17:56:43 +0000
Subject: [PATCH] Restrict CI workflow permissions to readonly contents
---
 .github/workflows/ci.yaml | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 6da5cb4..a531110 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,11 +1,14 @@
 name: ci
 on:
- push:
- branches: [ "master" ]
- pull_request:
- branches: [ "master" ]
- workflow_call:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+ workflow_call:
+
+permissions:
+ contents: read
 jobs:
 build:
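Review bot: The new top-level `permissions:` block deserves a short comment, because declaring any scope sets every unlisted `GITHUB_TOKEN` scope to `none`, which is easy to miss when a later step needs more. I would add `# Least privilege: scopes not listed here are none; grant extras per job, not here.` directly above it. Since the workflow is also exposed through `workflow_call`, a caller is expected to need at least `contents: read` in its own `permissions:` for the call to be accepted; callers are not visible in this patch, so that should be checked. The `jobs:` section continues outside the hunk, so whether any step there needs a scope beyond reading contents cannot be confirmed from here.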