Potential fix for code scanning alert no. 1818: Workflow does not contain permissions

[ajay-dhangar]

Potential fix for https://github.com/codeharborhub/codeharborhub.github.io/security/code-scanning/1818

To fix the problem, explicitly restrict the GITHUB_TOKEN permissions in this workflow to the minimum required. Since this job only checks out code and runs Node-based build commands, it only needs read access to repository contents; it does not appear to need write access to any scopes.

The best fix is to add a permissions block at the workflow (root) level so it applies to all jobs, including test-deploy. This should be placed near the top of .github/workflows/test-deploy.yml, alongside name and on. Specifically, add:

permissions:
  contents: read

between the name: Test deployment line and the on: block. No imports or other definitions are needed, and no existing job steps need to change. This will ensure that, even if the repository default is read-write, this workflow’s GITHUB_TOKEN is limited to read-only access to repository contents.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[github-actions]

Great job, @ajay-dhangar! 🎉 Thank you for submitting your pull request to CodeHarborHub. We appreciate your contribution and enthusiasm! Our team will review it soon. If you have any questions or need further assistance, feel free to reach out. Thanks for contributing!

[deepsource-io]

Here's the code health analysis summary for commits ebac5c8..1efd29c. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success		View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[github-actions]

⚡️ Lighthouse Report for the Deploy Preview of this PR 🚀

🔗 Site: CodeHarborHub | Live Site

URL 🌐	Performance	Accessibility	Best Practices	SEO	📊
/	🔴 30	🟡 77	🟢 96	🟢 100	📄
/docs	🟡 52	🟡 89	🟡 75	🟢 100	📄
/courses	🟡 55	🟡 88	🟢 96	🟢 100	📄
/showcase	🟡 52	🟡 87	🟢 96	🟡 86	📄
/community	🟡 55	🟡 88	🟢 96	🟢 100	📄