From a8e5b5fefb44df085d72c79c99f4a58b8e1f38f6 Mon Sep 17 00:00:00 2001
From: ilhan007 <ilhan.myumyun@sap.com>
Date: Fri, 15 May 2026 07:21:01 +0300
Subject: [PATCH] chore(ci): add explicit GITHUB_TOKEN permissions to workflows

Add top-level `permissions:` blocks to CI, Deploy, and Lint workflows
to prepare for GitHub's upcoming read-only default GITHUB_TOKEN enforcement.

- ci.yaml: contents: read
- deploy.yml: contents: write (pushes to gh-pages)
- lint.yml: contents: read

codeql-analysis.yml already has job-level permissions and is unchanged.
---
 .github/workflows/ci.yaml    | 4 ++++
 .github/workflows/deploy.yml | 4 ++++
 .github/workflows/lint.yml   | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 64434e8..7160b09 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -6,6 +6,10 @@ on:
   pull_request:
     branches:
       - main
+
+permissions:
+  contents: read
+
 jobs:
   Test-and-Build:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 749e846..73188fa 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -3,6 +3,10 @@ name: Deploy
 on:
   push:
     branches: [main]
+
+permissions:
+  contents: write
+
 jobs:
   deploy:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 5aea3a8..8ef068d 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -6,6 +6,10 @@ on:
   pull_request:
     branches:
       - main
+
+permissions:
+  contents: read
+
 jobs:
   Test-and-Build:
     runs-on: ubuntu-latest