Set GitHub Actions to only have read-only permissions
author Charles Giessen <charles@lunarg.com>
Thu, 9 Mar 2023 17:39:04 +0000 (10:39 -0700)
committer Charles Giessen <46324611+charles-lunarg@users.noreply.github.com>
Thu, 9 Mar 2023 18:36:49 +0000 (11:36 -0700)
Because the loader only uses GitHub Actions to perform CI runs, it is good to set
'read-all' only, helping harden the GitHub Actions runners from potentially
compromised access.

For more context
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions

Fixes #1148

.github/workflows/build.yml

index e66f13384270d3244cffe85d734ef1d3972f91e8..3f96cea46b15055969cd165851ab9b4a6e195d7f 100644 (file)
@@ -14,6 +14,7 @@
 # limitations under the License.
 #
 # Author: Lenny Komow <lenny@lunarg.com>
+# Author: Charles Giessen <charles@lunarg.com>
 
 name: CI Build
 
@@ -23,6 +24,8 @@ on:
         branches:
             - main
 
+permissions: read-all
+
 jobs:
     linux:
         runs-on: ${{matrix.os}}
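
Review bot: the top-level `permissions: read-all` added above `jobs:` still grants the token read access on every scope, which is broader than needed if the jobs only check out the repository and build. Consider naming the scope instead, `permissions:` with `contents: read` beneath it, because any scope not listed is then set to none. Since the key sits at workflow level it applies to every job, so a job that later needs a write scope has to declare its own `permissions:` block; a one-line comment above the key saying so, with the hardening guide linked in the commit message, would help the next person editing this file.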