From 61e3bf40c358e630d4785ecd4d71eae80790d1f9 Mon Sep 17 00:00:00 2001
From: fixedpoint <961750412@qq.com>
Date: Thu, 28 Aug 2025 10:14:19 +0800
Subject: [PATCH] [ci]add the explict permissions in workflows

---
 .github/workflows/check.yml     | 5 +++++
 .github/workflows/lint-test.yml | 5 +++++
 .github/workflows/release.yml   | 5 +++++
 3 files changed, 15 insertions(+)

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index c9359f95e..11613baf1 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -5,8 +5,13 @@ on:
   pull_request:
     branches: [dev]
 
+permissions:
+  contents: read
+
 jobs:
   check:
     uses: ./.github/workflows/lint-test.yml
+    permissions:
+      contents: read
     secrets:
       inherit
diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml
index c908f07b6..7c467b7be 100644
--- a/.github/workflows/lint-test.yml
+++ b/.github/workflows/lint-test.yml
@@ -4,9 +4,14 @@ on:
       CODECOV_TOKEN:
         required: false
 
+permissions:
+  contents: read
+
 jobs:
   lint-and-test:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Checkout
         uses: actions/checkout@v3
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 396931caf..fc78dc62f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,8 +3,13 @@ on:
   push:
     branches: [master]
 
+permissions:
+  contents: read
+
 jobs:
   lint-and-test:
+    permissions:
+      contents: read
     uses: ./.github/workflows/lint-test.yml
     secrets:
       inherit