From 6659d9cdddc8677dd1c8eb0b499ec462761ca05f Mon Sep 17 00:00:00 2001
From: Gabriel Augendre <gabriel@augendre.info>
Date: Wed, 18 Jan 2023 15:12:12 +0100
Subject: [PATCH] Set permissions on workflows

---
 .github/workflows/codeql-analysis.yaml | 3 +++
 .github/workflows/publish.yaml         | 3 +++
 .github/workflows/test.yaml            | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index 55ee989..07e6945 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -20,6 +20,9 @@ on:
   schedule:
     - cron: '35 4 * * 3'
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index ee2b588..3c46269 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -5,6 +5,9 @@ on:
     branches:
       - master
 
+permissions:
+  contents: read
+
 jobs:
   tests:
     uses: ./.github/workflows/test.yaml
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 907e03c..c871480 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -5,6 +5,9 @@ on:
   pull_request:
     branches: [ "master" ]
 
+permissions:
+  contents: read
+
 jobs:
   tests:
     name: Python tests