ci: declare explicit read-only workflow permissions

This commit is contained in:
rohan436 2026-02-21 18:35:33 +08:00
parent c34d6e81fd
commit a191c86306
2 changed files with 8 additions and 0 deletions

View file

@ -3,6 +3,10 @@ on:
pull_request:
push:
branches: [main, stable]
permissions:
contents: read
jobs:
main:
runs-on: ubuntu-latest

View file

@ -5,6 +5,10 @@ on:
push:
branches: [main, stable]
paths-ignore: ['docs/**', 'README.md']
permissions:
contents: read
jobs:
tests:
name: ${{ matrix.name || matrix.python }}