ci(windows): add minimal permissions block to CI workflow
CodeQL flagged the workflow as missing an explicit permissions declaration (security/code-scanning/61). All jobs are read-only (checkout, install, build, test) — contents: read is sufficient. Matches the workflow-level pattern already used in coverage.yml. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
7f1cb8a92a
commit
75dd2d8e90
|
|
@ -10,6 +10,11 @@ concurrency:
|
|||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
# Minimal token scope — all jobs only checkout, install, build, and test.
|
||||
# None of them push code, comment on PRs, or call mutating GitHub APIs.
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
lint:
|
||||
name: Lint
|
||||
|
|
|
|||
Loading…
Reference in New Issue