CI: Restrict default permissions

tacaswell · tacaswell · commit ddb5781d5880 · 2025-07-17T23:25:07.000-04:00
Reduces risk of arbitrary code is run by attacker.
diff --git a/.github/workflows/basemap-data-hires.yml b/.github/workflows/basemap-data-hires.yml
@@ -1,4 +1,6 @@
 name: basemap-data-hires
+permissions:
+  contents: read
 
 env:
   PKGDIR: "packages/basemap_data_hires"
diff --git a/.github/workflows/basemap-data.yml b/.github/workflows/basemap-data.yml
@@ -1,4 +1,6 @@
 name: basemap-data
+permissions:
+  contents: read
 
 env:
   PKGDIR: "packages/basemap_data"
diff --git a/.github/workflows/basemap-for-manylinux.yml b/.github/workflows/basemap-for-manylinux.yml
@@ -1,4 +1,6 @@
 name: basemap-for-manylinux
+permissions:
+  contents: read
 
 env:
   PKGDIR: "packages/basemap"
diff --git a/.github/workflows/basemap-for-windows.yml b/.github/workflows/basemap-for-windows.yml
@@ -1,4 +1,6 @@
 name: basemap-for-windows
+permissions:
+  contents: read
 
 env:
   PKGDIR: "packages/basemap"
