From 36dc86ff8ca178730b98c84e172aa61c5b5607cd Mon Sep 17 00:00:00 2001
From: Geoff Seemueller <gseemueller@gmail.com>
Date: Thu, 9 Jan 2025 18:11:31 -0500
Subject: [PATCH] Set read permissions for workflows in tests and publish

Added `contents: read` and `pull-requests: read` permissions to the `tests` and `publish` GitHub workflows. This enhances security by explicitly defining the required permissions for these jobs.
---
 .github/workflows/publish.yml | 3 +++
 .github/workflows/tests.yml   | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index ffd7251..6ece228 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -6,6 +6,9 @@ on:
 
 jobs:
   publish:
+    permissions:
+      contents: read
+      pull-requests: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index f7526d6..a72f6e3 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -9,6 +9,9 @@ on:
 
 jobs:
   tests:
+    permissions:
+      contents: read
+      pull-requests: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4