From 23f1c577de071571277ced86e9e6ad1e590a95e8 Mon Sep 17 00:00:00 2001
From: danthe1st <daniel@wwwmaster.at>
Date: Mon, 25 Aug 2025 19:39:28 +0200
Subject: [PATCH] add workflow permissions

---
 .github/workflows/build.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 477c95034..e90bf7d5b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,6 +8,8 @@ on: [push, pull_request, workflow_dispatch]
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - uses: actions/checkout@v4
       - name: Set up JDK 17
@@ -23,6 +25,8 @@ jobs:
         run: ./gradlew test
   publish:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     needs: build
     if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch' }}
     steps: