Add top-level read-only permissions
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
diff --git a/.github/workflows/ci-android-jni.yml b/.github/workflows/ci-android-jni.yml
index 0eaabd3..f2320b6 100644
--- a/.github/workflows/ci-android-jni.yml
+++ b/.github/workflows/ci-android-jni.yml
@@ -1,5 +1,9 @@
name: CI
on: [push, pull_request]
+
+permissions:
+ contents: read
+
jobs:
build-android-jni:
runs-on: ubuntu-latest
diff --git a/.github/workflows/ci-disable-gtest.yml b/.github/workflows/ci-disable-gtest.yml
index bc1d35b..3c1a6cc 100644
--- a/.github/workflows/ci-disable-gtest.yml
+++ b/.github/workflows/ci-disable-gtest.yml
@@ -6,6 +6,10 @@
name: CI
on: [push, pull_request]
+
+permissions:
+ contents: read
+
jobs:
build-disable-gtest:
runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/ci-unix-shared-installed.yml b/.github/workflows/ci-unix-shared-installed.yml
index e090bfa..9648166 100644
--- a/.github/workflows/ci-unix-shared-installed.yml
+++ b/.github/workflows/ci-unix-shared-installed.yml
@@ -3,6 +3,10 @@
name: CI
on: [push, pull_request]
+
+permissions:
+ contents: read
+
jobs:
build-shared-installed:
runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/ci-unix-shared-local.yml b/.github/workflows/ci-unix-shared-local.yml
index 96fec16..21252aa 100644
--- a/.github/workflows/ci-unix-shared-local.yml
+++ b/.github/workflows/ci-unix-shared-local.yml
@@ -5,6 +5,10 @@
name: CI
on: [push, pull_request]
+
+permissions:
+ contents: read
+
jobs:
build-shared-local:
runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/ci-unix-static.yml b/.github/workflows/ci-unix-static.yml
index 323b28b..d5f7539 100644
--- a/.github/workflows/ci-unix-static.yml
+++ b/.github/workflows/ci-unix-static.yml
@@ -1,5 +1,9 @@
name: CI
on: [push, pull_request]
+
+permissions:
+ contents: read
+
jobs:
build-static:
runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/ci-windows.yml b/.github/workflows/ci-windows.yml
index dbaf3bf..465d39e 100644
--- a/.github/workflows/ci-windows.yml
+++ b/.github/workflows/ci-windows.yml
@@ -12,6 +12,10 @@
name: CI
on: [push, pull_request]
+
+permissions:
+ contents: read
+
jobs:
build-static:
runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index f69d8a0..01d7fef 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -1,5 +1,9 @@
name: CI
on: [pull_request]
+
+permissions:
+ contents: read
+
jobs:
fuzz:
runs-on: ubuntu-latest
diff --git a/.github/workflows/clang-format-check.yml b/.github/workflows/clang-format-check.yml
index 2b8c407..1605b5a 100644
--- a/.github/workflows/clang-format-check.yml
+++ b/.github/workflows/clang-format-check.yml
@@ -1,5 +1,9 @@
name: CI
on: [push]
+
+permissions:
+ contents: read
+
jobs:
clang-format-check:
runs-on: ubuntu-latest
diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml
index a7d7bea..5e28251 100644
--- a/.github/workflows/docker-ci.yml
+++ b/.github/workflows/docker-ci.yml
@@ -9,6 +9,9 @@
paths:
- "!**.md"
+permissions:
+ contents: read
+
jobs:
build:
runs-on: ubuntu-latest
