From 0ad0fa284e21485c2b10ee02abf1e6ec46d44478 Mon Sep 17 00:00:00 2001 From: Eliah Kagan Date: Thu, 17 Apr 2025 02:22:35 -0400 Subject: [PATCH] Set explicit `contents: read` permissions in CI workflow Since no other permissions are currently needed in it. This avoids the ambiguous and sometimes greater than intended workflow permissions assigned if no `permissions` key is used. See: https://github.com/github/codeql/blob/main/actions/ql/src/Security/CWE-275/MissingActionsPermissions.md This is similar in motivation to, though much simpler than: https://github.com/GitoxideLabs/gitoxide/pull/1668/commits/f41a58cb0c0a1417fa08d69b2db172fc6f2d995c --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 78cf846..f197b87 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,6 +10,9 @@ on: branches: - main +permissions: + contents: read + jobs: build-and-test-linux: runs-on: ubuntu-latest
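
Review bot: The top-level `permissions:` block added between `on:` and `jobs:` applies to every job in `ci.yml`, but only `build-and-test-linux` is visible in this hunk's context. Please confirm that no other job in the file uses `GITHUB_TOKEN` for anything beyond reading repository contents, since once this key is present every scope not listed is set to none. If a job later needs a wider scope, grant it in a job-level `permissions:` block on that job instead of widening this one. A one-line YAML comment above `permissions:` noting that read-only is intentional would also help keep it from being loosened in a later edit.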