ci: declare explicit read-only workflow permissions

This commit is contained in:
rohan436 2026-02-21 18:35:33 +08:00
parent c34d6e81fd
commit a191c86306
2 changed files with 8 additions and 0 deletions

View file

@ -3,6 +3,10 @@ on:
pull_request: pull_request:
push: push:
branches: [main, stable] branches: [main, stable]
permissions:
contents: read
jobs: jobs:
main: main:
runs-on: ubuntu-latest runs-on: ubuntu-latest

View file

@ -5,6 +5,10 @@ on:
push: push:
branches: [main, stable] branches: [main, stable]
paths-ignore: ['docs/**', 'README.md'] paths-ignore: ['docs/**', 'README.md']
permissions:
contents: read
jobs: jobs:
tests: tests:
name: ${{ matrix.name || matrix.python }} name: ${{ matrix.name || matrix.python }}