security: Add explicit permissions to workflow jobs

Copilot · hotlong · Copilot · commit a67a9b3eee98 · 2026-01-25T13:54:20.000Z
Co-authored-by: hotlong &lt;50353452+hotlong@users.noreply.github.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -11,6 +11,9 @@ jobs:
     name: Build and Type Check
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: read
+
     strategy:
       matrix:
         node-version: [18.x, 20.x]
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
@@ -10,6 +10,9 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event_name == 'pull_request'
 
+    permissions:
+      contents: read
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
