From 1218d2224d6a2d52762154eba597111e5a77a731 Mon Sep 17 00:00:00 2001
From: Frazer Smith <frazer.dev@outlook.com>
Date: Sun, 1 Jan 2023 09:37:32 +0000
Subject: [PATCH] ci: harden workflows (#232)

---
 .github/workflows/check.yml | 5 +++++
 .github/workflows/test.yml  | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 5506139..1e19940 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -6,6 +6,9 @@ on:
       - "main"
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   main:
     runs-on: ubuntu-latest
@@ -17,6 +20,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - uses: actions/setup-node@v3
         with:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ba01dec..110b25c 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -6,6 +6,9 @@ on:
       - "main"
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   main:
     runs-on: ${{ matrix.os }}
@@ -17,6 +20,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - uses: actions/setup-node@v3
         with: