fix: add explicit permissions to GitHub workflows

jleni · jleni · commit 879522918131 · 2025-07-20T17:37:12.000+02:00
Address security warnings by adding explicit GITHUB_TOKEN permissions:
- ci-ts.yaml: contents: read (minimal permissions for CI)
- publish.yml: contents: read, packages: write (for npm publishing)

This follows GitHub security best practices to limit token permissions.
diff --git a/.github/workflows/ci-ts.yaml b/.github/workflows/ci-ts.yaml
@@ -12,6 +12,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.head.ref || github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   ts-checks:
     uses: zondax/_workflows/.github/workflows/_checks-ts.yaml@main
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -14,6 +14,10 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: false
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   publish-npm:
     uses: zondax/_workflows/.github/workflows/_publish-npm.yaml@main
