From 0c03ff8f391ad15ab18b753757f14484b6f7ea3d Mon Sep 17 00:00:00 2001
From: Alex <aleksandrosansan@gmail.com>
Date: Mon, 31 Oct 2022 18:22:53 +0200
Subject: [PATCH] GitHub Workflows security hardening (#7136)

build: harden pip.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

Signed-off-by: Alex <aleksandrosansan@gmail.com>
---
 .github/workflows/pip.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/pip.yml b/.github/workflows/pip.yml
index 1bbd0a370503..f74ca17ead39 100644
--- a/.github/workflows/pip.yml
+++ b/.github/workflows/pip.yml
@@ -17,6 +17,9 @@ concurrency:
 env:
   LLVM_VER: 15.0.1
 
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
 jobs:
   pip-linux:
     name: Package Halide Python bindings