Restrict CI workflow permissions to readonly contents

2024-03-02 17:56:43 +00:00 · 2024-03-02 17:56:43 +00:00 · d3d0381d2c
parent 13dfdae6ab
commit d3d0381d2c
1 changed files with 8 additions and 5 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -1,11 +1,14 @@
 name: ci

 on:
-    push:
-        branches: [ "master" ]
-    pull_request:
-        branches: [ "master" ]
-    workflow_call:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  workflow_call:
+
+permissions:
+  contents: read

 jobs:
  build: