security: add explicit permissions to workflows to address code scanning alerts

nikosavola · nikosavola · commit 47409da4fb16 · 2026-04-10T13:38:08.000+03:00
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
@@ -1,6 +1,10 @@
 name: Copilot Setup Steps
 on:
   workflow_dispatch:
+
+permissions:
+  contents: read
+
 jobs:
   copilot-setup-steps:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml
@@ -5,6 +5,10 @@ on:
     branches:
       - main
   workflow_dispatch:
+
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -4,6 +4,9 @@ on:
   push:
     tags: "v*"
 
+permissions:
+  contents: read
+
 jobs:
   release_pypi:
     if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
diff --git a/.github/workflows/test_code.yml b/.github/workflows/test_code.yml
@@ -6,6 +6,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   pre-commit:
     runs-on: ubuntu-latest
