From 5f2c2f8b519c957df30992b39ee2979ca47624e9 Mon Sep 17 00:00:00 2001
From: Christian Galsterer
Date: Tue, 24 Oct 2023 16:14:32 +0200
Subject: [PATCH] build: minimize required github actions workflow permisson
---
 .github/workflows/build.yaml | 4 +++-
 .github/workflows/snyk.yaml | 3 ---
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 51b5f59..3f94ed4 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -8,7 +8,9 @@ on:
 pull_request:
 branches:
 - 'main'
-
+permissions:
+ contents: read
+
 jobs:
 ci:
 strategy:
diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
index 5a3aa3f..f310fc6 100644
--- a/.github/workflows/snyk.yaml
+++ b/.github/workflows/snyk.yaml
@@ -15,8 +15,6 @@ permissions:
 jobs:
 pre_snyk:
- permissions:
- contents: read # for actions/checkout to fetch code
 runs-on: ubuntu-latest
 outputs:
 any_changed: ${{ steps.changed-files.outputs.any_changed }}
@@ -36,7 +34,6 @@ jobs:
 needs: pre_snyk
 if: ${{ needs.pre_snyk.outputs.any_changed == 'true' }}
 permissions:
- contents: read # for actions/checkout to fetch code
 security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
 actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
 runs-on: ubuntu-latest
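Review bot: The new workflow-level `permissions` block in build.yaml carries no comment explaining why `contents: read` is sufficient, while snyk.yaml annotates every scope it grants. Assuming the `ci` job checks out the repository, I would write `contents: read # for actions/checkout to fetch code` so the next editor knows what breaks if the scope is removed. The `ci` job's steps lie outside the hunk; if any of them writes to the repository or comments on pull requests, that job will need its own job-level `permissions` block, since the token is now read-only for every job in this workflow.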
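Review bot: In the third hunk (snyk.yaml, `@@ -36,7 +34,6 @@`), removing `contents: read` from a job that keeps its own `permissions` block leaves that job with no contents access, because a job-level `permissions` map replaces the workflow-level one instead of merging with it and every unlisted scope becomes `none`. The removed comment says the scope was there for actions/checkout, and the `actions: read` comment shows private repositories are a supported case, where a checkout with such a token would be expected to fail. I would keep `contents: read # for actions/checkout to fetch code` in this block next to `security-events: write` and `actions: read`. The `pre_snyk` removal in the second hunk is safe only if the top-level `permissions` in snyk.yaml, whose body is outside the hunk, grants `contents: read`; the job's steps are also outside the hunk.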