From a191c863066f43797f484da6c430d668548e9b52 Mon Sep 17 00:00:00 2001
From: rohan436
Date: Sat, 21 Feb 2026 18:35:33 +0800
Subject: [PATCH] ci: declare explicit read-only workflow permissions
---
 .github/workflows/pre-commit.yaml | 4 ++++
 .github/workflows/tests.yaml | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
index d65c7dff..15788a30 100644
--- a/.github/workflows/pre-commit.yaml
+++ b/.github/workflows/pre-commit.yaml
@@ -3,6 +3,10 @@ on:
 pull_request:
 push:
 branches: [main, stable]
+
+permissions:
+ contents: read
+
 jobs:
 main:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index a69670bb..189f90a6 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -5,6 +5,10 @@ on:
 push:
 branches: [main, stable]
 paths-ignore: ['docs/**', 'README.md']
+
+permissions:
+ contents: read
+
 jobs:
 tests:
 name: ${{ matrix.name || matrix.python }}
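Review bot: The new top-level `permissions:` block in .github/workflows/pre-commit.yaml, and the identical one in .github/workflows/tests.yaml, has no comment saying why it is there, so a later edit that needs another scope is likely to widen it for the whole workflow. Declaring only `contents: read` sets every scope that is not listed to `none`, so I would add above the block `# Least privilege: GITHUB_TOKEN is read-only here; grant extra scopes per job, not at workflow level.` The job definitions continue outside both hunks, so it cannot be checked from here whether any step needs more than read access to repository contents. That should be confirmed with one run on the pull_request trigger and one on the push trigger.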