From 9a12905a2da045b0948f612583b526bca3a1b2f0 Mon Sep 17 00:00:00 2001
From: sobolevn <mail@sobolevn.me>
Date: Tue, 27 Aug 2024 11:52:51 +0300
Subject: [PATCH] Only set `contents: read` permission in GitHub Action

---
 .github/workflows/ci.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 04be33bb6b..8316d7dc16 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -9,6 +9,9 @@ concurrency:
   # Cancels pending runs when a PR gets updated.
   group: ${{ github.head_ref || github.run_id }}-${{ github.actor }}
   cancel-in-progress: true
+permissions:
+  # Sets permission policy for `GITHUB_TOKEN`
+  contents: read
 jobs:
   x86_64-linux-debug:
     timeout-minutes: 420