From 56c48206a8a13a6d0831d04429cb85a53a50f417 Mon Sep 17 00:00:00 2001
From: Qiao Han <qiao@supabase.io>
Date: Wed, 26 Nov 2025 17:49:55 +0800
Subject: [PATCH] chore: reduce scope of install perms

---
 .github/workflows/install.yml | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/install.yml b/.github/workflows/install.yml
index ef47a24e9..51b00645e 100644
--- a/.github/workflows/install.yml
+++ b/.github/workflows/install.yml
@@ -3,23 +3,25 @@ name: Install
 on:
   pull_request:
     paths:
-      - '.github/workflows/install.yml'
-      - 'package.json'
-      - 'scripts/**'
+      - ".github/workflows/install.yml"
+      - "package.json"
+      - "scripts/**"
   push:
     branches:
       - develop
     paths:
-      - '.github/workflows/install.yml'
-      - 'package.json'
-      - 'scripts/**'
+      - ".github/workflows/install.yml"
+      - "package.json"
+      - "scripts/**"
 
 permissions:
-  contents: write
+  contents: read
 
 jobs:
   pack:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - uses: actions/checkout@v6