From 2b7b5f03c79affc2f21124f4d516aa7e21c4dcbf Mon Sep 17 00:00:00 2001
From: Scott Anderson <scottanderson@users.noreply.github.com>
Date: Tue, 13 May 2025 23:26:22 -0400
Subject: [PATCH] Reduce workflow permissions (#748)

Reduce workflow permissions to the minimum required.

Co-authored-by: Scott Anderson <662325+scottanderson@users.noreply.github.com>
---
 .github/workflows/ci.yml       | 3 +++
 .github/workflows/deploy.yml   | 2 ++
 .github/workflows/eslint.yml   | 2 ++
 .github/workflows/prettier.yml | 2 ++
 4 files changed, 9 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2135d4f75..c091caed5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,8 @@
 name: 🧪 CI
 on: [push, pull_request]
+
+permissions: {}
+
 jobs:
   build:
     name: Build
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 795c1910a..4e6e7ccd1 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -34,6 +34,8 @@ on:
     branches:
       - "*"
 
+permissions: {}
+
 jobs:
   deploy:
     # Don't deploy on push if this is a fork
diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml
index ea20779db..8eb55c70d 100644
--- a/.github/workflows/eslint.yml
+++ b/.github/workflows/eslint.yml
@@ -5,6 +5,8 @@ on:
   push:
     branches: [main]
 
+permissions: {}
+
 jobs:
   eslint:
     name: Check
diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml
index b600e34ef..4d0e1327e 100644
--- a/.github/workflows/prettier.yml
+++ b/.github/workflows/prettier.yml
@@ -5,6 +5,8 @@ on:
   push:
     branches: [main]
 
+permissions: {}
+
 jobs:
   prettier:
     name: Check