From d92ba285cfe89d11f132b081580ac80cd8901b00 Mon Sep 17 00:00:00 2001
From: Antoine du Hamel <duhamelantoine1995@gmail.com>
Date: Sat, 10 May 2025 01:02:58 +0200
Subject: [PATCH] tools: add read permission to workflows that read contents

Not having this permission is OK because the repo is public, but
on private forks, it fails the checkout step.
---
 .github/workflows/lint-release-proposal.yml | 1 +
 .github/workflows/notify-on-push.yml        | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.github/workflows/lint-release-proposal.yml b/.github/workflows/lint-release-proposal.yml
index 9d8ba5998a7a5c..88bbd5d4e9b068 100644
--- a/.github/workflows/lint-release-proposal.yml
+++ b/.github/workflows/lint-release-proposal.yml
@@ -20,6 +20,7 @@ jobs:
   lint-release-commit:
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       pull-requests: read
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
diff --git a/.github/workflows/notify-on-push.yml b/.github/workflows/notify-on-push.yml
index 14b184deb515c2..2b85784d56898b 100644
--- a/.github/workflows/notify-on-push.yml
+++ b/.github/workflows/notify-on-push.yml
@@ -32,6 +32,7 @@ jobs:
     if: github.repository == 'nodejs/node'
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       pull-requests: write
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2