From f55da1f445c49c22a14391525240c270cdf9af0b Mon Sep 17 00:00:00 2001
From: Bart Koelman <10324372+bkoelman@users.noreply.github.com>
Date: Mon, 18 Sep 2023 01:10:04 +0200
Subject: [PATCH] GitHub Actions: Reduce permissions to guard against malicious
 3rd party actions

---
 .github/workflows/build.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f3e1dd388d..861270a728 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -35,6 +35,8 @@ jobs:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
     steps:
     - name: Setup PostgreSQL
       uses: ikalnytskyi/action-setup-postgres@v4
@@ -152,6 +154,8 @@ jobs:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
     steps:
     - name: Git checkout
       uses: actions/checkout@v3
@@ -201,6 +205,8 @@ jobs:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
     steps:
     - name: Git checkout
       uses: actions/checkout@v3