From 733e33c6468b466cdd086bac72f42bab1639ae32 Mon Sep 17 00:00:00 2001
From: Cuecuexiaoyu <yuyi51@huawei.com>
Date: Mon, 15 Sep 2025 15:52:24 +0800
Subject: [PATCH] restrict the permissions in ci.yml

Signed-off-by: Cuecuexiaoyu <yuyi51@huawei.com>
---
 .github/workflows/ci.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a6743cf5e4..d33a088466 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -3,6 +3,8 @@ on:
   pull_request:
   push:
     branches: [ master ]
+permissions:
+  contents: read
 jobs:
   test:
     strategy:
@@ -12,6 +14,8 @@ jobs:
         script: [ compress, mocha, release/benchmark, release/jetstream ]
     name: ${{ matrix.node }} ${{ matrix.os }} ${{ matrix.script }}
     runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
     env:
       NODE: ${{ matrix.node }}
       TYPE: ${{ matrix.script }}