From e055ee7b8e7a95d5cb41c2cb5bfd3603c67b516c Mon Sep 17 00:00:00 2001
From: Alex
Date: Tue, 27 Sep 2022 15:43:37 +0200
Subject: [PATCH] GitHub Workflows security hardening (#3094)
---
 .github/workflows/build.yml | 3 +++
 .github/workflows/pre-commit.yml | 2 ++
 2 files changed, 5 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ffe5ea193c9..8825bdf389f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,6 +1,9 @@
 name: build
 on: [pull_request, push]
 
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index b62f595ebb0..26cf2350d36 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -5,6 +5,8 @@ on:
 pull_request:
 push:
 branches: [master]
+permissions:
+ contents: read # to fetch code (actions/checkout)
 jobs:
 pre-commit:
 runs-on: ubuntu-latest
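Review bot: Declaring `permissions:` at workflow level in build.yml sets every scope that is not listed to `none`, so all jobs now run with a `GITHUB_TOKEN` limited to `contents: read`. The job steps lie outside the hunk, so it is worth confirming that none of them relies on another scope, for example to publish check results or comments. If one does, grant that single scope in a job-level `permissions:` block rather than widening the top-level one. The same applies to the identical block added in pre-commit.yml. As a follow-up, if the checkout step needs no later authenticated git operations, `persist-credentials: false` on `actions/checkout` keeps the token out of the workspace's git config.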
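Review bot: Going by the hunk header (`-5,6 +5,8`, two added lines), the `permissions:` block in pre-commit.yml sits directly between `branches: [master]` and `jobs:` with no blank line on either side. build.yml, by contrast, adds an empty line to separate the block from `jobs:`. A blank line before `permissions:` and another before `jobs:` would keep the top-level keys visually distinct and the two workflows consistent. Whitespace is collapsed on this page, so this is inferred from the line counts rather than seen directly.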