From 6e7b6d866fd2887247a49609f0d7afdfb2ed7e87 Mon Sep 17 00:00:00 2001
From: Feanil Patel <feanil@axim.org>
Date: Fri, 10 Oct 2025 10:43:37 -0400
Subject: [PATCH] fix: explicityl set workflows that don't need write access to
 read-only

This came from a github security advisory suggestion but makes sense given that this workflow dosen't need to push content back.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/unit-tests.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
index 05e5f47d1a..a49bd74f6f 100644
--- a/.github/workflows/unit-tests.yml
+++ b/.github/workflows/unit-tests.yml
@@ -1,4 +1,6 @@
 name: unit-tests
+permissions:
+  contents: read
 
 on:
   pull_request: