From 00cf5ed4c72bd0de62422ffacd0a891368e048c5 Mon Sep 17 00:00:00 2001
From: Alex <aleksandrosansan@gmail.com>
Date: Thu, 22 Sep 2022 22:03:59 +0200
Subject: [PATCH] GitHub Workflows security hardening (#6353)

* build: harden wasm-release.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden wasm.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
---
 .github/workflows/wasm-release.yml | 3 +++
 .github/workflows/wasm.yml         | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/wasm-release.yml b/.github/workflows/wasm-release.yml
index 255de7dc5..c34571784 100644
--- a/.github/workflows/wasm-release.yml
+++ b/.github/workflows/wasm-release.yml
@@ -12,6 +12,9 @@ defaults:
 env:
   EM_VERSION: 3.1.15
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   publish:
     name: Publish
diff --git a/.github/workflows/wasm.yml b/.github/workflows/wasm.yml
index bd76c8033..418438635 100644
--- a/.github/workflows/wasm.yml
+++ b/.github/workflows/wasm.yml
@@ -12,6 +12,9 @@ defaults:
 env:
   EM_VERSION: 3.1.15
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   check:
     name: Check