.github: allow only read permission in sonar-check.yml

weizhouapache · weizhouapache · commit 0457cc559e0b · 2023-02-23T13:47:48.000+01:00
diff --git a/.github/workflows/sonar-check.yml b/.github/workflows/sonar-check.yml
@@ -19,6 +19,9 @@ name: Sonar Quality Check
 
 on: [pull_request_target]
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
