ci: declare contents: read on linting and tests workflows (#3960)

linting runs prettier / yamllint / boilerplate checks. tests runs terraform/tofu plan + unit tests with matrix providers. Both are pure read - no commits, releases, or comments. Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
2026-05-14 15:12:55 +09:00
parent 981e4581ee
commit 748684dd9c
2 changed files with 7 additions and 0 deletions
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -23,6 +23,10 @@ on:
    branches:
      - master
      - fast-dev
+
+permissions:
+  contents: read
+
 jobs:
  linting:
    runs-on: ubuntu-latest
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -41,6 +41,9 @@ env:
  DEFAULT_TERRAFORM_VERSION: ${{ inputs.terraform_version || '1.12.2' }}
  DEFAULT_TOFU_VERSION: "1.11.0"

+permissions:
+  contents: read
+
 jobs:
  setup-tf-providers:
    runs-on: ubuntu-latest