Add explicit permissions for workflow security

Set minimal read-only permissions for GITHUB_TOKEN to follow security best practices and fix CodeQL alert. Co-authored-by: johndoe6345789 <224850594+johndoe6345789@users.noreply.github.com>
2026-04-25 22:34:56 +00:00 · 2025-12-24 22:31:16 +00:00
parent 8415af36e4
commit c9de59a9e3
1 changed files with 5 additions and 0 deletions
--- a/.github/workflows/cpp-build.yml
+++ b/.github/workflows/cpp-build.yml
@@ -15,10 +15,15 @@ on:
      - '.github/workflows/cpp-build.yml'
  workflow_dispatch:

+permissions:
+  contents: read
+
 jobs:
  check-implementation:
    name: Check C++ Implementation Status
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    outputs:
      has_sources: ${{ steps.check.outputs.has_sources }}
    steps: