mirror of
https://github.com/langchain-ai/langchain-postgres.git
synced 2026-07-15 04:17:52 -04:00
5f64369133
## Summary - Adds top-level `permissions: contents: read` to all four workflow files (`ci.yml`, `_lint.yml`, `_test.yml`, `_release.yml`) - Follows GitHub's [security hardening best practice](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-the-permissions-key) of setting restrictive default permissions - The release workflow already had per-job elevated permissions (`id-token: write` for trusted publishing, `contents: write` for tagging) — those are preserved ## Test plan - [ ] CI lint job passes - [ ] CI test job passes - [ ] Verify release workflow still has correct per-job permissions for publishing and tagging 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>