From ab28e884491b3b8b0fde3b324f57903628fd89c4 Mon Sep 17 00:00:00 2001
From: Taketo Takashima <t.taketo1113@gmail.com>
Date: Mon, 2 Mar 2026 12:05:26 +0900
Subject: [PATCH] Restrict GitHub Actions workflow permissions to contents:
 read

---
 .github/workflows/ci.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a5fc81f1..abd85685 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -3,6 +3,8 @@ on:
   pull_request:
   push:
     branches: [ main ]
+permissions:
+  contents: read
 jobs:
   test:
     runs-on: ${{ matrix.os }}