From 47008d97d5c280d4d54a77382097a2d911819405 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20NEDJAR?= <sebastien@nedjar.com>
Date: Sat, 28 Mar 2026 16:12:37 +0100
Subject: [PATCH] ci: Add explicit permissions to CI workflows.

---
 .github/workflows/check-commits.yml | 3 +++
 .github/workflows/python-linter.yml | 3 +++
 .github/workflows/tests.yml         | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/.github/workflows/check-commits.yml b/.github/workflows/check-commits.yml
index 48cb13a7..49388949 100644
--- a/.github/workflows/check-commits.yml
+++ b/.github/workflows/check-commits.yml
@@ -10,6 +10,9 @@ on:
     branches:
       - "main"
 
+permissions:
+  contents: read
+
 jobs:
   check-commit-messages:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/python-linter.yml b/.github/workflows/python-linter.yml
index 24b524cd..0f419fcf 100644
--- a/.github/workflows/python-linter.yml
+++ b/.github/workflows/python-linter.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: ["main"]
 
+permissions:
+  contents: read
+
 jobs:
   lint:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index b0d3613a..dda8223a 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: ["main"]
 
+permissions:
+  contents: read
+
 jobs:
   mock-tests:
     runs-on: ubuntu-latest