From e6c50eac277b323e296e2005c4537c318a2e9bc7 Mon Sep 17 00:00:00 2001
From: Nate Maninger <me@n8m.us>
Date: Thu, 23 Feb 2023 18:11:09 -0700
Subject: [PATCH] ci: add read permission

---
 .github/workflows/publish.yml         | 1 +
 .github/workflows/publish_testnet.yml | 1 +
 .github/workflows/test.yml            | 2 ++
 3 files changed, 4 insertions(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 56dc7c59..653d5372 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -15,6 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       packages: write
+      contents: read
     steps:
       - uses: actions/checkout@v3
       - uses: docker/setup-qemu-action@v2
diff --git a/.github/workflows/publish_testnet.yml b/.github/workflows/publish_testnet.yml
index b0ee878b..c6d0734c 100644
--- a/.github/workflows/publish_testnet.yml
+++ b/.github/workflows/publish_testnet.yml
@@ -15,6 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       packages: write
+      contents: read
     steps:
       - uses: actions/checkout@v3
       - uses: docker/setup-qemu-action@v2
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b0c65056..c9893f15 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -9,6 +9,8 @@ on:
 jobs:
   test:
     runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
     strategy:
       matrix:
         os: [ ubuntu-latest ] # , macos-latest, windows-latest ]