chore: Add permissions to workflows (#166)

Unshure · web-flow · commit ffc7c5e68a50 · 2025-06-03T12:49:36.000-04:00
* Update pr-and-push.yml

* Update pypi-publish-on-release.yml
diff --git a/.github/workflows/pr-and-push.yml b/.github/workflows/pr-and-push.yml
@@ -13,5 +13,7 @@ concurrency:
 jobs:
   call-test-lint:
     uses: ./.github/workflows/test-lint.yml
+    permissions:
+      contents: read
     with:
-      ref: ${{ github.event.pull_request.head.sha }}
+      ref: ${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/pypi-publish-on-release.yml b/.github/workflows/pypi-publish-on-release.yml
@@ -13,6 +13,8 @@ jobs:
 
   build:
     name: Build distribution 📦
+    permissions:
+      contents: read
     needs:
       - call-test-lint
     runs-on: ubuntu-latest
@@ -55,6 +57,8 @@ jobs:
 
   deploy:
     name: Upload release to PyPI
+    permissions:
+      contents: read
     needs:
     - build
     runs-on: ubuntu-latest
@@ -75,4 +79,4 @@ jobs:
         name: python-package-distributions
         path: dist/
     - name: Publish distribution 📦 to PyPI
-      uses: pypa/gh-action-pypi-publish@release/v1
+      uses: pypa/gh-action-pypi-publish@release/v1
