CI: set least-privileged GITHUB_TOKEN (permissions: contents: read)

2025-10-09 00:09:27 -04:00
parent c22c8e0f34
commit f2ab2a96bc
3 changed files with 4 additions and 4 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,6 +6,9 @@ name: CI
  pull_request:
  workflow_dispatch:

+permissions:
+  contents: read
+
 concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true
@@ -87,4 +90,3 @@ jobs:
          else
            echo "No YAML files."
          fi
-          
--- a/.github/workflows/sync-changelog.yml
+++ b/.github/workflows/sync-changelog.yml
@@ -42,4 +42,3 @@ jobs:
            git commit -m "chore: sync CHANGELOG.md from FileRise"
            git push origin main
          fi
-          
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -41,4 +41,3 @@ services:
      timeout: 5s
      retries: 3
      start_period: 20s
-