fix: add actions: read permission to CI workflows for CodeQL

Copilot · neilime · neilime · commit 4f0861004e86 · 2025-09-27T20:18:34.000+02:00
Co-authored-by: neilime &lt;314088+neilime@users.noreply.github.com&gt;
diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml
@@ -4,6 +4,7 @@ on:
   workflow_call:
 
 permissions:
+  actions: read
   contents: read
   security-events: write
   statuses: write
diff --git a/.github/workflows/main-ci.yml b/.github/workflows/main-ci.yml
@@ -6,6 +6,7 @@ on:
     tags: ['*']
 
 permissions:
+  actions: read
   contents: read
   id-token: write
   pages: write
diff --git a/.github/workflows/pull-request-ci.yml b/.github/workflows/pull-request-ci.yml
@@ -6,6 +6,7 @@ on:
     branches: [main]
 
 permissions:
+  actions: read
   contents: read
   security-events: write
   statuses: write
