ci(windows): add minimal permissions block to CI workflow

CodeQL flagged the workflow as missing an explicit permissions
declaration (security/code-scanning/61). All jobs are read-only
(checkout, install, build, test) — contents: read is sufficient.
Matches the workflow-level pattern already used in coverage.yml.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Priyanshu Choudhary 2026-05-05 02:12:42 +05:30
parent 7f1cb8a92a
commit 75dd2d8e90
1 changed files with 5 additions and 0 deletions

View File

@ -10,6 +10,11 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# Minimal token scope — all jobs only checkout, install, build, and test.
# None of them push code, comment on PRs, or call mutating GitHub APIs.
permissions:
contents: read
jobs:
lint:
name: Lint