From 48d34010711acb5dcdeb4069ce2a8d647d2d28fd Mon Sep 17 00:00:00 2001
From: Step Security
Date: Wed, 8 Sep 2021 22:18:16 +0000
Subject: [PATCH] Restrict permissions for the GITHUB_TOKEN in .github/workflows/ci.yml

---
 .github/workflows/ci.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 64914a0..a718fbc 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -3,6 +3,8 @@ on: [push]
 
 jobs:
   sanity-checks:
+    permissions:
+      contents: read
     name: Sanity Checks
     runs-on: ubuntu-latest
     steps:
@@ -22,6 +24,8 @@ jobs:
     - run: npm run lint
     - run: npm test -- --ci --coverage
   release:
+    permissions:
+      contents: write
     needs: sanity-checks
     runs-on: ubuntu-latest
     if: "github.ref == 'refs/heads/master' && !contains(toJSON(github.event.commits.*.message), '[skip-ci]')"
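Review bot: The `permissions:` block added under sanity-checks scopes the token for that job only; any job in ci.yml without its own block (none is visible in these two hunks, but the file is not shown in full) keeps receiving the repository's default GITHUB_TOKEN permissions. A workflow-level baseline beside `on: [push]`, `permissions:` / `  contents: read`, makes read-only the default so the job-level `contents: write` on release remains the single explicit escalation. Since declaring `permissions` on a job sets every unlisted scope to none, `contents: read` here also drops scopes such as `pull-requests`, which is appropriate for a lint/test job but worth recording with a comment like `# read-only token: this job only checks out, lints and tests`.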
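Review bot: `contents: write` on the release job cannot be confirmed as the minimal scope from this hunk, because the job's steps lie outside it; the step that pushes tags, commits or GitHub releases should be named next to the grant, e.g. `contents: write  # required by the step that publishes the release/tags`. A job-level `permissions` block sets all unlisted scopes to none, so if the release tooling also comments on issues or pull requests, those calls would start failing with 403 after this change; verify on the first master run after merging. Publishing to npm is normally authenticated with a separately stored registry token rather than GITHUB_TOKEN, so the GitHub scope should not be widened on that account.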