From 51de51baa0126c944dab3e5103ebd0d097db71b1 Mon Sep 17 00:00:00 2001
From: Arunavo Ray <rayanup3@gmail.com>
Date: Thu, 12 Jun 2025 10:13:41 +0530
Subject: [PATCH] feat: add permissions section to workflows for consistent
 access control

---
 .github/workflows/astro-build-test.yml | 4 ++++
 .github/workflows/docker-scan.yml      | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/.github/workflows/astro-build-test.yml b/.github/workflows/astro-build-test.yml
index e6e226c..f874d3a 100644
--- a/.github/workflows/astro-build-test.yml
+++ b/.github/workflows/astro-build-test.yml
@@ -12,6 +12,10 @@ on:
       - 'README.md'
       - 'docs/**'
 
+permissions:
+  contents: read
+  actions: read
+
 jobs:
   build-and-test:
     name: Build and Test Astro Project
diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml
index 90eb88c..6aa713c 100644
--- a/.github/workflows/docker-scan.yml
+++ b/.github/workflows/docker-scan.yml
@@ -18,6 +18,10 @@ on:
   schedule:
     - cron: '0 0 * * 0'  # Run weekly on Sunday at midnight
 
+permissions:
+  contents: read
+  actions: read
+
 jobs:
   scan:
     name: Scan Docker Image