From 5dbc4e0a42320f95ffd561e64b8ba424dd6e63de Mon Sep 17 00:00:00 2001 From: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> Date: Fri, 7 Oct 2022 22:42:50 +0200 Subject: [PATCH] ci: Security hardening for GitHub Actions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs The idea is that the software supply chain relies on 3rd party actions that could be compromised. Mitigate this risk by giving these actions minimal rights to the repository. Here read-only access is good enough. --- .github/workflows/ci.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index be25973..ac52e9b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -8,6 +8,9 @@ on: # yamllint disable-line rule:truthy branches: - master +permissions: + contents: read + jobs: lint: name: Linters
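Review bot: the top-level `permissions:` block added in this hunk (`contents: read`) replaces the default token grant for every job in ci.yaml, not just `lint`, so any job in this workflow that writes back to the repository (creating releases, pushing commits, commenting on pull requests) will start failing with 403s unless it declares its own job-level `permissions:` override; please confirm no such job exists here, or add the override where it does. Worth documenting in the commit message that a workflow-level block also drops all other scopes (`issues`, `pull-requests`, `packages`, etc.) to none, since only `contents` is listed. As a follow-up, since the stated motivation is compromised third-party actions, pinning each `uses:` step to a full commit SHA would complement the read-only token.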