From 31810a9fc1cb1b63995648033574ffe6746c7baa Mon Sep 17 00:00:00 2001
From: Tim Meusel <tim@bastelfreak.de>
Date: Tue, 5 Aug 2025 15:31:25 +0200
Subject: [PATCH] CI: Set minimal token permissions

---
 .github/workflows/build.yml                 | 3 +++
 .github/workflows/component_diff_check.yaml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8e38b325..bcb057b1 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,6 +16,9 @@ on:
         required: false
         type: string
 
+permissions:
+  contents: read # minimal required permissions to clone repo
+
 jobs:
   build:
     uses: 'openvoxproject/shared-actions/.github/workflows/build_vanagon.yml@main'
diff --git a/.github/workflows/component_diff_check.yaml b/.github/workflows/component_diff_check.yaml
index 9e4a62b7..d9810873 100644
--- a/.github/workflows/component_diff_check.yaml
+++ b/.github/workflows/component_diff_check.yaml
@@ -6,6 +6,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read # minimal required permissions to clone repo
+
 jobs:
   vanagon_component_diff_check:
     runs-on: ubuntu-24.04