[StepSecurity] ci: Harden GitHub Actions (#206)

step-security-bot · web-flow · commit 77353e6cd99d · 2025-06-09T08:12:11.000-07:00
Signed-off-by: StepSecurity Bot &lt;bot@stepsecurity.io&gt;
diff --git a/.github/workflows/validator-docker.yaml b/.github/workflows/validator-docker.yaml
@@ -12,6 +12,9 @@ env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
 
+permissions:
+  contents: read
+
 jobs:
   push_to_registry:
     name: Push Docker image to Docker Hub
diff --git a/.github/workflows/validator-tests.yaml b/.github/workflows/validator-tests.yaml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [main]
 
+permissions:
+  contents: read
+
 jobs:
   check-schema:
     runs-on: ubuntu-latest
