security: add explicit permissions to CI workflow

Copilot · huangyiirene · Copilot · commit 4d7b3dcec923 · 2026-01-18T09:15:02.000Z
Set minimal permissions (contents: read) to limit GITHUB_TOKEN scope

Co-authored-by: huangyiirene &lt;7665279+huangyiirene@users.noreply.github.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -11,6 +11,8 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
 
     steps:
       - name: Checkout repository
