From 627a50ffc2dbbe20303b9f50a9b186eb4bf2cd1b Mon Sep 17 00:00:00 2001
From: "Jason M. Gates" <jmgate@sandia.gov>
Date: Wed, 3 Jul 2024 18:01:52 -0600
Subject: [PATCH] ci: Restrict CI permissions to read

https://github.com/sandialabs/staged-script/security/code-scanning/20
---
 .github/workflows/continuous-integration.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index e4ffa87..23aae1d 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -11,6 +11,9 @@ defaults:
   run:
     shell: bash
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -52,6 +55,7 @@ jobs:
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
+
       - name: Check documentation spelling
         run: make spelling
         working-directory: ./doc