From 26dccc82e4322df1595f6297d33caeff7e5febcb Mon Sep 17 00:00:00 2001
From: Ismael Azaran <eazaran@gmail.com>
Date: Tue, 14 Apr 2026 22:06:12 +0400
Subject: [PATCH] ci: add read-only contents permissions to workflow files

---
 .github/workflows/code-analysis.yml | 3 +++
 .github/workflows/tests.yml         | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/code-analysis.yml b/.github/workflows/code-analysis.yml
index 338c21a..27e8fdb 100644
--- a/.github/workflows/code-analysis.yml
+++ b/.github/workflows/code-analysis.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ main, master ]
 
+permissions:
+  contents: read
+
 jobs:
   coverage:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 0c3d0df..fe5d675 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ main, master ]
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest