From cc25f26d961723ee35142d07ae4466a117c30f9e Mon Sep 17 00:00:00 2001
From: jmeridth <jmeridth@gmail.com>
Date: Thu, 29 May 2025 11:17:23 -0500
Subject: [PATCH] fix: add permissions to ci actions workflow

Signed-off-by: jmeridth <jmeridth@gmail.com>
---
 .github/workflows/ci.yml      | 2 ++
 .github/workflows/release.yml | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cdb56eb..a68a81f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,7 @@
 name: CI
 on: [push, pull_request]
+permissions:
+  contents: read
 jobs:
   build:
     name: Test on Ruby ${{ matrix.ruby_version }}, Rails ${{ matrix.rails_version }}, graphql-ruby ${{ matrix.graphql_version }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 225d283..49c8b65 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,12 +3,12 @@ on:
   release:
     types: [published]
   workflow_dispatch:
+permissions:
+  contents: write
+  id-token: write
 jobs:
   release:
     name: Release to RubyGems
-    permissions:
-      contents: write
-      id-token: write
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4