From efe92cfa29a35efe73a503f7d6c2fbbef0f745ba Mon Sep 17 00:00:00 2001
From: Robin Linden <dev@robinlinden.eu>
Date: Thu, 10 Apr 2025 22:19:15 +0200
Subject: [PATCH] Set CI jobs to only be allowed to read the repo contents

---
 .github/workflows/ci.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index b5bc9a4..3c1db80 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -4,6 +4,10 @@ on:
   pull_request:
   workflow_dispatch:
 
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  contents: read
+
 jobs:
   ci:
     name: ${{ matrix.name }}