Limit GitHub Actions token permissions

2026-05-11 22:06:18 +05:30 · 2026-05-11 22:06:18 +05:30 · 5c009df0ef
commit 5c009df0ef
parent 5ef70112a1
3 changed files with 6 additions and 0 deletions
--- a/.github/workflows/pre-commit.yaml
+++ b/.github/workflows/pre-commit.yaml
@ -3,6 +3,8 @@ on:
  pull_request:
  push:
    branches: [main, stable]
+permissions:
+  contents: read
 jobs:
  main:
    runs-on: ubuntu-latest
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@ -5,6 +5,8 @@ on:
 jobs:
  build:
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: astral-sh/setup-uv@f0ec1fc3b38f5e7cd731bb6ce540c5af426746bb # v6.1.0
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@ -5,6 +5,8 @@ on:
  push:
    branches: [main, stable]
    paths-ignore: ['docs/**', 'README.md']
+permissions:
+  contents: read
 jobs:
  tests:
    name: ${{ matrix.name || matrix.python }}