From 22fb696f2507f5bf33b1263dc45f4e73aac63201 Mon Sep 17 00:00:00 2001
From: Manuel <30572287+manuel-rw@users.noreply.github.com>
Date: Sat, 22 Nov 2025 11:39:45 +0100
Subject: [PATCH] ci(security): missing permissions for workflow (#4474)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/code-quality.yml        | 2 ++
 .github/workflows/crowdin-upload.yml      | 2 ++
 .github/workflows/update-contributors.yml | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
index 0f504353c..4159cdb6b 100644
--- a/.github/workflows/code-quality.yml
+++ b/.github/workflows/code-quality.yml
@@ -1,4 +1,6 @@
 name: "[Quality] Code Analysis"
+permissions:
+  contents: read
 
 on:
   pull_request:
diff --git a/.github/workflows/crowdin-upload.yml b/.github/workflows/crowdin-upload.yml
index 6212ba64c..5b46a7bf9 100644
--- a/.github/workflows/crowdin-upload.yml
+++ b/.github/workflows/crowdin-upload.yml
@@ -1,4 +1,6 @@
 name: "[Crowdin] Upload translations"
+permissions:
+  contents: read
 
 on:
   workflow_dispatch:
diff --git a/.github/workflows/update-contributors.yml b/.github/workflows/update-contributors.yml
index 4363ab92a..df879b334 100644
--- a/.github/workflows/update-contributors.yml
+++ b/.github/workflows/update-contributors.yml
@@ -9,6 +9,8 @@ env:
   GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
   CROWDIN_TOKEN: "${{ secrets.CROWDIN_UPDATE_CONTRIBUTORS_TOKEN }}"
 
+permissions:
+  contents: read
 jobs:
   update-contributors:
     runs-on: ubuntu-latest