From 90d65bb7d6f4ef14b47778716914b63742fd65a1 Mon Sep 17 00:00:00 2001
From: Thorsten Sommer <SommerEngineering@users.noreply.github.com>
Date: Sun, 22 Mar 2026 14:53:41 +0100
Subject: [PATCH] Added permissions to GitHub Actions jobs (#707)

---
 .github/workflows/build-and-release.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 091faafb..74351c33 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -14,6 +14,8 @@ jobs:
   read_metadata:
     name: Read metadata
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     outputs:
       formatted_version: ${{ steps.format_metadata.outputs.formatted_version }}
       formatted_build_time: ${{ steps.format_metadata.outputs.formatted_build_time }}
@@ -80,6 +82,8 @@ jobs:
   build_main:
     name: Build app (${{ matrix.dotnet_runtime }})
     needs: read_metadata
+    permissions:
+      contents: read
     
     strategy:
       fail-fast: true
@@ -703,6 +707,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build_main, read_metadata]
     if: startsWith(github.ref, 'refs/tags/v')
+    permissions: {}
     steps:
       - name: Create artifact directory
         run: mkdir -p $GITHUB_WORKSPACE/artifacts