From 03defac1e59234d4ea057ff28f4b30cb0c1bb944 Mon Sep 17 00:00:00 2001
From: Joe Richey <joerichey@google.com>
Date: Fri, 24 Mar 2023 19:30:06 -0700
Subject: [PATCH] ci: use minimal permissions for Github Actions (#351)

Fixes #348

we only need to read the contents of the repo to run our tests, no other
permissions are needed, as we currently do not publish via our CI jobs.

Signed-off-by: Joe Richey <joerichey@google.com>
---
 .github/workflows/tests.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index a8717d7f..0c9f3f15 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -8,6 +8,9 @@ on:
   schedule:
     - cron: "0 12 * * 1"
 
+permissions:
+  contents: read
+
 env:
   CARGO_INCREMENTAL: 0
   RUSTFLAGS: "-Dwarnings"