chore(ci): add explicit permissions to satisfy CodeQL (#60)

ns-vasilev · web-flow · commit 9f5e80113022 · 2025-11-23T13:05:34.000+04:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -18,6 +18,9 @@ on:
       - "Sources/**"
       - "Tests/**"
 
+permissions:
+    contents: read
+
 concurrency:
   group: validator-${{ github.head_ref }}
   cancel-in-progress: true
diff --git a/.github/workflows/conventional-pr.yml b/.github/workflows/conventional-pr.yml
@@ -8,6 +8,10 @@ on:
       - opened
       - edited
       - synchronize
+permissions:
+  contents: read
+  pull-requests: read
+  statuses: write
 jobs:
   lint-pr:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml
@@ -8,6 +8,10 @@ env:
   LC_CTYPE: en_US.UTF-8
   LANG: en_US.UTF-8
 
+permissions:
+  contents: read
+  pull-requests: write
+  
 jobs:
   run-danger:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -29,6 +29,8 @@ jobs:
   discover-typos:
     name: discover-typos
     runs-on: macos-15
+    permissions:
+      contents: read
     env:
       DEVELOPER_DIR: /Applications/Xcode_16.4.app/Contents/Developer
     steps:
