build: harden tests.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>
nipy · effigies · Dec 1, 2022 · Sep 26, 2022 · Sep 26, 2022 · Sep 26, 2022
commit b53d6743d93161d13b431ea14262d7dd14ded2c8
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -29,8 +29,12 @@ concurrency:
   group: tests-${{ github.ref }}
   cancel-in-progress: true
 
+permissions: {}
 jobs:
   build:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -80,6 +84,9 @@ jobs:
 
   stable:
     # Check each OS, all supported Python, minimum versions and latest releases
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+
     runs-on: ${{ matrix.os }}
     strategy:
       matrix: