From eb184a9f7d10b14cc8e4feed1d9e174d9a2ad29e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABlle=20Huisman?= <danielle@huisman.me>
Date: Mon, 25 Aug 2025 15:36:39 +0200
Subject: [PATCH] ci: add website workflow permissions

---
 .github/workflows/website.yml | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/website.yml b/.github/workflows/website.yml
index dddcb77..639a14e 100644
--- a/.github/workflows/website.yml
+++ b/.github/workflows/website.yml
@@ -5,6 +5,9 @@ on:
         branches:
             - main
 
+permissions:
+    contents: read
+
 concurrency:
     group: ${{ github.workflow }}-${{ github.ref }}
     cancel-in-progress: false
@@ -13,21 +16,17 @@ jobs:
     website-build:
         name: Build Website
         runs-on: ubuntu-latest
+
         steps:
             - uses: actions/checkout@v4
               with:
                   fetch-depth: 0
 
             - name: Set up Rust toolchain
-              run: |
-                  rustup toolchain install stable --no-self-update --profile minimal
-                  rustup target add wasm32-unknown-unknown
-
-            - name: Set up Rust cache
-              uses: swatinem/rust-cache@v2
+              uses: actions-rust-lang/setup-rust-toolchain@v1
               with:
-                  cache-on-failure: true
-                  save-if: ${{ github.ref == 'refs/heads/main' }}
+                  components: clippy, rustfmt
+                  target: wasm32-unknown-unknown
 
             - name: Install Cargo Binary Install
               uses: cargo-bins/cargo-binstall@main
@@ -54,10 +53,12 @@ jobs:
         needs: website-build
         if: github.ref == 'refs/heads/main'
         runs-on: ubuntu-latest
+
         permissions:
             contents: read
             pages: write
             id-token: write
+
         steps:
             - uses: actions/checkout@v4
               with: