From 414186cff52bb28eb868b5ab225f07ac7dee4dd4 Mon Sep 17 00:00:00 2001
From: mhmdanas
Date: Sun, 3 Jul 2022 23:55:28 +0300
Subject: [PATCH] Use minimum required permissions for GitHub workflows

This reduces the attack surface if the workflows are ever compromised.
---
 .github/workflows/ci.yml | 3 +++
 .github/workflows/docs.yml | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fdfa9f2c9..3390a95e1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,6 +10,9 @@ on:
 - master
 pull_request:
 
+permissions:
+ contents: read
+
 jobs:
 build-and-test:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index ca41ad4fd..f62134378 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -5,6 +5,10 @@ on:
 branches:
 - master
 
+permissions:
+ # The generated docs are written to the `gh-pages` branch.
+ contents: write
+
 jobs:
 build-and-deploy-docs:
 runs-on: ubuntu-latest
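Review bot: The new top-level `permissions` block in ci.yml carries no comment, unlike the one added to docs.yml, and its side effect is easy to miss: once any scope is listed, every scope that is not listed drops to `none` for all jobs in the workflow. I would add a line above it such as `# Least privilege: unlisted token scopes become none; grant extra scopes per job if a step needs them.` The body of `build-and-test` lies outside the hunk, so it is worth confirming that no step there uses `GITHUB_TOKEN` for anything beyond checkout, since such a step would now fail with a permission error.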
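Review bot: `contents: write` is granted at workflow level in docs.yml, so every job and every step in the workflow receives a token that can push to the repository, not only the step that publishes to `gh-pages`. Scoping the grant to the job keeps the default tight if more jobs are added later: keep `contents: read` under the top-level `permissions:` and put `permissions: { contents: write }` under `build-and-deploy-docs`. The job's steps are outside the hunk; if the docs build and the deploy run in the same job, the build tooling and its dependencies also run with the write token, and splitting them into a read-only build job and a small deploy job would narrow that further. The scope is repository-wide rather than per branch, so branch protection on `master` is what limits this token to `gh-pages` in practice, and the comment could say so.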