Add minimal permissions to Workflows

hasenbanck · hasenbanck · commit f1fd183f6b52 · 2025-08-23T19:53:05.000+02:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -12,6 +12,8 @@ env:
 jobs:
   build:
     runs-on: ${{matrix.os}}
+    permissions:
+      contents: read
     strategy:
       matrix:
         os:
@@ -45,6 +47,8 @@ jobs:
 
   build-wasm:
     runs-on: ${{matrix.os}}
+    permissions:
+      contents: read
     strategy:
       matrix:
         os:
@@ -69,6 +73,8 @@ jobs:
   rustfmt:
     name: Rustfmt
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -85,6 +91,8 @@ jobs:
   clippy:
     name: Clippy
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -12,6 +12,8 @@ jobs:
   build-linux:
     name: Build Linux x86_64
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     
     steps:
       - name: Checkout code
@@ -54,6 +56,8 @@ jobs:
   build-windows:
     name: Build Windows x86_64
     runs-on: windows-latest
+    permissions:
+      contents: read
     
     steps:
       - name: Checkout code
@@ -96,6 +100,8 @@ jobs:
   build-macos:
     name: Build macOS aarch64
     runs-on: macos-latest
+    permissions:
+      contents: read
     
     steps:
       - name: Checkout code
@@ -146,6 +152,8 @@ jobs:
     name: Create GitHub Release
     needs: [ build-linux, build-windows, build-macos ]
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     
     steps:
       - name: Checkout code
