From 2d9334a1ee48cb9bdeebfc84b69dc067fe63563d Mon Sep 17 00:00:00 2001
From: ilhan007 <ilhan.myumyun@sap.com>
Date: Fri, 15 May 2026 07:20:57 +0300
Subject: [PATCH] chore(ci): add explicit GITHUB_TOKEN permissions to workflows

Add top-level `permissions:` blocks to all GitHub Actions workflows
to prepare for the upcoming read-only default GITHUB_TOKEN enforcement.
---
 .github/workflows/ci.yml     | 4 ++++
 .github/workflows/deploy.yml | 4 ++++
 .github/workflows/lint.yml   | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9f3f348..f7ae8d2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,6 +6,10 @@ on:
   pull_request:
     branches:
       - main
+
+permissions:
+  contents: read
+
 jobs:
   check:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index cea1453..ef5d04a 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -3,6 +3,10 @@ name: Deploy
 on:
   push:
     branches: [ main ]
+
+permissions:
+  contents: write
+
 jobs:
   deploy:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 853a561..c95f2d7 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -6,6 +6,10 @@ on:
   pull_request:
     branches:
       - main
+
+permissions:
+  contents: read
+
 jobs:
   check:
     runs-on: ubuntu-latest