From 8b5c9e9047c0e874e06b909f34898558d99317aa Mon Sep 17 00:00:00 2001
From: Kovid Goyal <kovid@kovidgoyal.net>
Date: Sat, 24 Sep 2022 07:39:07 +0530
Subject: [PATCH] Explicity set github actions permissions to read only

---
 .github/workflows/ci.yml           | 2 ++
 .github/workflows/translations.yml | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8557547029..93d8705156 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,7 @@
 name: CI
 on: [push, pull_request]
+permissions:
+    contents: read # to fetch code (actions/checkout)
 
 jobs:
     test:
diff --git a/.github/workflows/translations.yml b/.github/workflows/translations.yml
index 470fee7f9b..683ad26f18 100644
--- a/.github/workflows/translations.yml
+++ b/.github/workflows/translations.yml
@@ -2,7 +2,8 @@ name: Transifex
 on:
   push:
     branches: [master, ]
-
+permissions:
+    contents: read # to fetch code (actions/checkout)
 
 jobs:
     Push-To-Transifex: