From fec429e1b952405dc539dea93b44ffa4151490a8 Mon Sep 17 00:00:00 2001
From: Greg Tucker <greg.b.tucker@intel.com>
Date: Fri, 28 Oct 2022 17:05:01 -0700
Subject: [PATCH] build: Add top-level read-only permissions to ci actions

This is recommended by ossf scorecard:
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

Change-Id: I48a36cc6625fa3f1e6babb9edbe81c9522f41a13
Signed-off-by: Greg Tucker <greg.b.tucker@intel.com>
---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5adbabd..a0c49f4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -8,6 +8,9 @@ on:
     tags:
       - "*"
 
+permissions:
+  contents: read
+
 jobs:
   check_format:
     runs-on: ubuntu-latest