Add explicit read permissions to workflows

rnro · rnro · commit 6015531f17fb · 2025-10-30T15:47:58.000Z
Motivation:

* More secure GitHub Actions workflows

Modifications:

Add explicit 'contents: read' permissions to workflows that did not have
explicit permissions defined. This follows GitHub Actions security best
practices by limiting the default GITHUB_TOKEN permissions.

Result:

An extra layer of security.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,4 +1,7 @@
 name: CI
+
+permissions:
+  contents: read
 on:
   push:
     branches: ["release/1.x"]
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,5 +1,8 @@
 name: Release
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
     inputs:
