Add explicit permissions to workflow files

rianbk · rianbk · commit f059405bb1c4 · 2026-04-03T11:28:53.000+10:00
Fixes code scanning alerts for missing workflow permissions
by setting least-privilege contents: read.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -2,6 +2,9 @@ name: Publish Homey App
 on:
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   publish:
     name: Publish Homey App
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -4,6 +4,9 @@ on:
     branches: [main]
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Validate, Lint & Test
