From 6bee838463fe45cec2c46d1e7a05237b9783487b Mon Sep 17 00:00:00 2001
From: Alexander Todorov <atodorov@otb.bg>
Date: Mon, 26 Feb 2024 23:25:04 +0200
Subject: [PATCH] read-only permissions for GitHub actions

---
 .github/workflows/main.yml | 2 ++
 .github/workflows/pr.yml   | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 7534fa5..689062c 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,5 +1,7 @@
 on: [push]
 
+permissions: read-all
+
 jobs:
   hello_world_job:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 1ca4007..c77ac02 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -1,6 +1,8 @@
 on:
   pull_request:
 
+permissions: read-all
+
 jobs:
   pr_container_job:
     runs-on: ubuntu-latest