From be67523fd3a16baa55f0882830deb23dcc6f125d Mon Sep 17 00:00:00 2001
From: Arpit Jain <arpitjain099@gmail.com>
Date: Wed, 3 Jun 2026 08:15:18 +0900
Subject: [PATCH] ci: declare workflow-level contents: read on frontend-lint

frontend-lint only checks out the repo and lints, so contents: read is sufficient. Dropped the pr-title-lint change: it calls the lfx-ui _pr-title-lint reusable workflow which needs pull-requests access to read PR metadata, so capping the caller to contents: read would break it (per the Bugbot review).

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
---
 .github/workflows/frontend-lint.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/frontend-lint.yml b/.github/workflows/frontend-lint.yml
index 7e9f9e76e9..4625c1ad71 100644
--- a/.github/workflows/frontend-lint.yml
+++ b/.github/workflows/frontend-lint.yml
@@ -5,6 +5,9 @@ on:
     paths:
       - 'frontend/**'
 
+permissions:
+  contents: read
+
 jobs:
   lint-frontend:
     runs-on: ubuntu-latest