build: harden pypi-publish.yaml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>
redis · dvora-h · Nov 21, 2022 · Nov 3, 2022 · Nov 3, 2022 · Nov 3, 2022
commit d97a5641f89d4d9821236921d40d2d5cc8c9304f
diff --git a/.github/workflows/pypi-publish.yaml b/.github/workflows/pypi-publish.yaml
@@ -4,6 +4,9 @@ on:
   release:
     types: [published]
 
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
 jobs:
 
   build_and_package: