From e4c986131f08ada761ea92c9f9e85c6dab5faa74 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot <bot@stepsecurity.io>
Date: Thu, 25 Apr 2024 21:26:41 -0700
Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions (#103)

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/workflows/build.yml   | 3 +++
 .github/workflows/testacc.yml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f2acf05b..0d13ff5b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -23,6 +23,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
   
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-22.04
diff --git a/.github/workflows/testacc.yml b/.github/workflows/testacc.yml
index e2adc435..25344855 100644
--- a/.github/workflows/testacc.yml
+++ b/.github/workflows/testacc.yml
@@ -23,6 +23,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-testacc
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   testacc:
     name: Acceptance Test