From b065cee58c9c7b548b32eb8356768cc53c882233 Mon Sep 17 00:00:00 2001
From: Geoff Seemueller
Date: Thu, 9 Jan 2025 18:21:22 -0500
Subject: [PATCH] enable commit signing

Set explicit permissions for GitHub Actions workflows

Added `contents: read` and `pull-requests: read` permissions to the `publish` and `tests` workflows. This ensures the workflows operate under the principle of least privilege, enhancing security.
---
 .github/workflows/publish.yml | 3 +++
 .github/workflows/tests.yml | 3 +++
 README.md | 2 ++
 3 files changed, 8 insertions(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index ffd7251..6ece228 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -6,6 +6,9 @@ on:
 jobs:
 publish:
+ permissions:
+ contents: read
+ pull-requests: read
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index f7526d6..a72f6e3 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -9,6 +9,9 @@ on:
 jobs:
 tests:
+ permissions:
+ contents: read
+ pull-requests: read
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
diff --git a/README.md b/README.md
index 9947141..2610763 100644
--- a/README.md
+++ b/README.md
@@ -207,3 +207,5 @@ This tool requires a git repository to function properly as it uses `git ls-file
 Version 3, 19 November 2007
 © 2024 Geoff Seemueller
+
+
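Review bot: `pull-requests: read` is granted to the `publish` job although the only step visible in this hunk, `actions/checkout@v4`, needs nothing beyond `contents: read`. Unless a later step (outside the hunk) reads pull-request data, least privilege means dropping that scope, and the same applies to the tests.yml hunk. Because an explicit `permissions:` block sets every unlisted scope to `none`, it is also worth confirming that the publish steps do not rely on a scope that is now removed, for example `id-token: write` if the package is published through OIDC. Declaring the block once at workflow level, above `jobs:`, would make it the default for any job added later instead of covering only `publish`. A one-line comment on the block, such as `# read-only token: checkout only`, would record the intent.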
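Review bot: The narrowed token is still written into the checked-out repository's git configuration, because the `actions/checkout@v4` step below the new `permissions:` block keeps its default `persist-credentials` behaviour, so every later step in the `tests` job can read it. Adding `with:` and `persist-credentials: false` to that checkout step would complement the read-only scopes. This matters most if the workflow runs on pull requests, which cannot be confirmed here because the `on:` block and the remaining steps lie outside the hunk.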