From b7e3413a33d1941669df6f0d1c55ccbcdcecd783 Mon Sep 17 00:00:00 2001
From: Otto Winter <otto@otto-winter.com>
Date: Sat, 23 Oct 2021 21:57:26 +0200
Subject: [PATCH] Constrain GH Actions workflows permissions (#1567)

---
 .github/workflows/docker.yml | 4 ++++
 .github/workflows/lint.yml   | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 8efb27b75..0c89c7351 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -10,6 +10,10 @@ on:
       - Dockerfile
       - .github/workflows/docker.yml
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   build:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 87988c5c3..e8ac7e289 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -7,6 +7,9 @@ on:
 
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest