Add a top-level `permissions: contents: read` block so the smoke-test workflow no longer inherits the repository default token permissions. Resolves CodeQL actions/missing-workflow-permissions.
@@ -15,6 +15,9 @@ on:
- "deploy/**"
- ".github/workflows/smoke.yml"
+permissions:
+ contents: read
+
jobs:
noninteractive-install:
strategy:
MHSanaei