From 80a1578beb21e13138a2f4b9810e1ffbe1c7a534 Mon Sep 17 00:00:00 2001
From: MuneebAijaz <muneebaijaz11@gmail.com>
Date: Tue, 20 Aug 2024 18:20:06 +0500
Subject: [PATCH] permissions

---
 .github/workflows/pull_request.yaml | 7 +++++--
 .github/workflows/push.yaml         | 4 ++++
 .github/workflows/release.yaml      | 4 ++++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index b06c3d5..96dbde7 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -28,15 +28,18 @@ jobs:
       MD_CONFIG: .github/md_config.json
       DOC_SRC: README.md
       MD_LINT_CONFIG: .markdownlint.yaml
+
   build:
+
+    permissions:
+      contents: read
+
     runs-on: ubuntu-latest
     name: Build
-    if: "! contains(toJSON(github.event.commits.*.message), '[skip-ci]')"
     steps:
     - name: Check out code
       uses: actions/checkout@v4
       with:
-        token: ${{ secrets.STAKATER_GITHUB_TOKEN }}
         ref: ${{github.event.pull_request.head.sha}}
         fetch-depth: 0
 
diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
index 5999ce5..e4ab811 100644
--- a/.github/workflows/push.yaml
+++ b/.github/workflows/push.yaml
@@ -17,6 +17,10 @@ env:
 
 jobs:
   build:
+
+    permissions:
+      contents: read
+
     name: Build
     if: github.event.pull_request.merged == true
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index dda7b45..fd54c25 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -15,6 +15,10 @@ env:
 
 jobs:
   build:
+
+    permissions:
+      contents: read
+
     name: GoReleaser build
     runs-on: ubuntu-latest