Potential fix for code scanning alerts: Workflow does not contain permissions (#17)

* Potential fix for code scanning alert no. 1: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 2: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update pr-build.yml to exclude test results if not a push

Permissions are tightened to the point that the Publish test results step will fail on a PR now. It wouldn't do anything for a PR build in the past (except waste CPU cycles) So, this fix just skips the step entirely for PR builds.

* Update pr-build.yml to fix syntax

Updated syntax of condition cuz, ya know. it's not like there's anything to catch errors ahead of time... [Sigh!] 🤦

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: smaillet

.github/workflows/pr-build.yml

@@ -1,4 +1,6 @@
 name: CI-Build
+permissions:
+  contents: read
 defaults:
     run:
         shell: pwsh
@@ -38,6 +40,7 @@ jobs:
 
       - name: Publish Test Results
         uses: EnricoMi/publish-unit-test-result-action/windows@v2
+        if: ${{  github.event_name == 'push' }}
         with:
           files: BuildOutput/Test-Results/*.trx
 

.github/workflows/release-build.yml

@@ -1,4 +1,9 @@
 name: Release-Build
+permissions:
+  contents: write
+  pages: write
+  packages: write
+  actions: read
 defaults:
   run:
     shell: pwsh