From 5bde55434cf7244253af6725e55d11cd4f374b34 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Sun, 30 Jul 2023 03:48:34 -0400
Subject: [PATCH] Restrict github permissions for workflow
---
 .github/workflows/build-image-on-pr.yml | 3 +++
 .github/workflows/build-image.yml | 3 +++
 .github/workflows/ci.yml | 3 +++
 3 files changed, 9 insertions(+)
diff --git a/.github/workflows/build-image-on-pr.yml b/.github/workflows/build-image-on-pr.yml
index 8ed2569a..472781eb 100644
--- a/.github/workflows/build-image-on-pr.yml
+++ b/.github/workflows/build-image-on-pr.yml
@@ -6,6 +6,9 @@ on:
 jobs:
 build:
+ permissions:
+ contents: read
+
 concurrency:
 group: image-pr-${{ github.event.pull_request.number }}
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index 5e914dce..df952fed 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -6,6 +6,9 @@ on:
 jobs:
 build:
+ permissions:
+ contents: read
+
 concurrency:
 group: image-${{ github.ref }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index be30f8df..6af86daf 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -7,6 +7,9 @@ on:
 jobs:
 build:
+ permissions:
+ contents: read
+
 concurrency:
 group: ci-${{ github.ref }}
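Review bot: In `.github/workflows/build-image-on-pr.yml` the new `permissions:` block follows `build:`, so it appears to be scoped to that one job. Any other job in the file, or one added later, would still receive the repository's default `GITHUB_TOKEN` scopes. The hunks in `build-image.yml` and `ci.yml` have the same shape. Consider declaring `permissions:` / `contents: read` once at workflow top level, before `jobs:`, with a comment such as `# least privilege: GITHUB_TOKEN may only read repository contents`, and widening per job only where a step needs more. The rest of each workflow lies outside the hunks, so whether other jobs exist cannot be confirmed from here.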
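Review bot: A job-level `permissions:` block sets every scope it does not list to `none`, so `contents: read` on `build` in `.github/workflows/build-image.yml` also removes package and other write scopes from the token. If steps outside this hunk publish the built image to a registry using `GITHUB_TOKEN`, that push would be denied and the job would additionally need `packages: write`. If the push authenticates with a separate registry secret, a comment such as `# registry push uses its own credentials; GITHUB_TOKEN only reads the repo` would record why read-only is sufficient. The job body continues outside the hunk, so this should be checked against the publish step.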