Merge pull request #20 from initstring/codex/limit-github_token-permissions-in-workflows

initstring · web-flow · commit 2d7351dbace8 · 2025-09-21T20:17:33.000+10:00
Restrict default GitHub token permissions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -5,6 +5,9 @@ on:
     branches: [ main ]
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   build-and-test:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml
@@ -3,6 +3,9 @@ name: Validate Docker Build
 on:
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   validate-docker-build:
     name: Build Docker Image (no push)
