From aa431296709d141bd56331e7c218360504e3c803 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alex=20R=C3=B8nne=20Petersen?=
Date: Mon, 22 Jan 2024 23:58:31 +0100
Subject: [PATCH] Harden workflow permissions.
---
 .github/workflows/build.yml | 2 ++
 .github/workflows/package.yml | 3 +++
 .github/workflows/release.yml | 2 ++
 3 files changed, 7 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 4570682..4627804 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,6 +6,8 @@ on:
 - dependabot/**
 pull_request:
 workflow_dispatch:
+permissions:
+ contents: read
 defaults:
 run:
 shell: bash
diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
index fd47443..b05124a 100644
--- a/.github/workflows/package.yml
+++ b/.github/workflows/package.yml
@@ -4,6 +4,9 @@ on:
 push:
 branches:
 - master
+permissions:
+ contents: read
+ packages: write
 defaults:
 run:
 shell: bash
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 60e47a1..2a9f256 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,6 +4,8 @@ on:
 release:
 types:
 - published
+permissions:
+ contents: read
 defaults:
 run:
 shell: bash
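Review bot: The new top-level `permissions:` block in build.yml (and likewise in package.yml and release.yml) has no comment saying that every scope not listed becomes `none`, which is the part a later maintainer is most likely to trip over. I would add a line above it such as `# Least privilege: scopes not listed here are none for GITHUB_TOKEN.`. The jobs are outside these hunks, so I cannot confirm that no step depends on another scope. release.yml deserves a check in particular, because a step that uploads assets to the published release with GITHUB_TOKEN would need `contents: write`.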
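Review bot: `packages: write` in package.yml is granted at workflow level, so every job in that workflow receives a token that can publish packages, including any build or test job that runs before the publish step. The jobs are outside this hunk, but if there is more than one, keep only `contents: read` at the top and move the write scope to the publishing job. A job-level block replaces the workflow-level one for that job, so it has to restate both scopes: `permissions: { contents: read, packages: write }`.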