Add workflow permissions for security best practices

Copilot · hsluoyz · Copilot · commit 0ae4bfaeb4cc · 2026-02-02T16:17:38.000Z
Co-authored-by: hsluoyz &lt;3787410+hsluoyz@users.noreply.github.com&gt;
diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml
@@ -2,6 +2,9 @@ name: Benchmarks
 
 on: [push, pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   benchmark:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,6 +2,9 @@ name: CI
 
 on: [push, pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   lint:
     runs-on: ubuntu-latest
@@ -22,6 +25,9 @@ jobs:
   coverage:
     needs: [lint]
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
     steps:
       - uses: actions/checkout@v3
 
diff --git a/.github/workflows/platform_test.yml b/.github/workflows/platform_test.yml
@@ -2,6 +2,9 @@ name: Platform Test
 
 on: [push, pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   reactjs:
     runs-on: ubuntu-latest
