limit GITHUB_TOKEN permissions

maxfischer2781 · maxfischer2781 · commit 79558072f086 · 2026-04-02T23:10:30.000+02:00
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
@@ -7,6 +7,7 @@
 # documentation.
 
 name: Upload Python Package
+permissions: {}
 
 on:
   release:
@@ -16,6 +17,8 @@ jobs:
   deploy:
 
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     environment:
       name: pypi-publish
 
diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml
@@ -1,4 +1,5 @@
 name: Unit Tests
+permissions: {}
 
 on:
   push:
@@ -9,6 +10,8 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     strategy:
       matrix:
         python-version: [
diff --git a/.github/workflows/verification.yml b/.github/workflows/verification.yml
@@ -1,4 +1,5 @@
 name: Static Checks
+permissions: {}
 
 on:
   push:
@@ -9,6 +10,8 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
     - uses: actions/checkout@v6
       with:
