From dde24e4612875bce0f9445c49df1c81f6a1a54c3 Mon Sep 17 00:00:00 2001
From: Charles Giessen
Date: Thu, 9 Mar 2023 10:39:04 -0700
Subject: [PATCH] Set github actions to only have read only permissions

Because the loader only uses github actions to perform CI runs, it is good to set the 'read-all' only, helping harden the github actions runners from potentially compromised access.

For more context https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions

Fixes #1148
---
 .github/workflows/build.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e66f1338..3f96cea4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,6 +14,7 @@
 # limitations under the License.
 #
 # Author: Lenny Komow
+# Author: Charles Giessen

 name: CI Build

@@ -23,6 +24,8 @@ on:
 branches:
 - main

+permissions: read-all
+
 jobs:
 linux:
 runs-on: ${{matrix.os}}
-- 
2.34.1
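Review bot: The top-level `permissions: read-all` added in the second hunk still gives the GITHUB_TOKEN read access to every scope, which is broader than a build-and-test workflow normally needs. If the jobs only check out and build the source, the least-privilege form is `permissions:` followed by `  contents: read`, with any further scope granted under the individual job that requires it. The `jobs:` section continues outside the hunk, so whether a job depends on another read scope cannot be confirmed from here. The setting restricts only the workflow token; other items in the linked hardening guide, such as pinning third-party actions to a full commit SHA, are not covered by this change.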