From b407d39ee6026c6885cd99a7448e2a9d0eba425e Mon Sep 17 00:00:00 2001
From: Marko Stanojevic <m.stanojevic@outlook.com>
Date: Thu, 5 Feb 2026 21:53:29 +0000
Subject: [PATCH] Add read permissions for contents in CI jobs (private repos)

---
 .github/workflows/ci.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4700407..854f591 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -41,6 +41,8 @@ jobs:
   dependencies:
     name: Dependencies
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     outputs:
       module-list: ${{ steps.resolve.outputs.module-list }}
     steps:
@@ -60,6 +62,7 @@ jobs:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     permissions:
+      contents: read
       issues: write
       pull-requests: write
       checks: write
@@ -76,6 +79,7 @@ jobs:
     needs: [dependencies]
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       issues: write
       pull-requests: write
       checks: write
@@ -92,6 +96,7 @@ jobs:
     needs: [dependencies]
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       issues: write
       pull-requests: write
       checks: write