From ea604fb0201400d85bb735edf76b56c974f97fd5 Mon Sep 17 00:00:00 2001
From: Ulises Gascon <ulisesgascongonzalez@gmail.com>
Date: Fri, 2 Feb 2024 15:51:09 +0100
Subject: [PATCH] chore: specify permissions in the pipeline

---
 .github/workflows/ci.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4019e89bcc..f39eeb6603 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,6 +4,9 @@ on:
 - pull_request
 - push
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -185,6 +188,9 @@ jobs:
         retention-days: 1
 
   coverage:
+    permissions:
+      checks: write  # for coverallsapp/github-action to create new checks
+      contents: read  # for actions/checkout to fetch code
     needs: test
     runs-on: ubuntu-latest
     steps: