From 7c01254c5a68439612648645f3618d1a511a340d Mon Sep 17 00:00:00 2001
From: "Sean T. Allen" <sean@seantallen.com>
Date: Sun, 26 Jan 2025 15:21:37 +0000
Subject: [PATCH] Add minimal permissions to some actions workflows

---
 .github/workflows/prepare-for-a-release.yml | 4 ++++
 .github/workflows/release-notes.yml         | 4 ++++
 .github/workflows/release.yml               | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/.github/workflows/prepare-for-a-release.yml b/.github/workflows/prepare-for-a-release.yml
index c1debd97..d18e025d 100644
--- a/.github/workflows/prepare-for-a-release.yml
+++ b/.github/workflows/prepare-for-a-release.yml
@@ -6,6 +6,10 @@ on:
 
 concurrency: prepare-for-a-release
 
+permissions:
+  packages: read
+  contents: write
+
 jobs:
   # all tasks that need to be done before we add an X.Y.Z tag
   # should be done as a step in the pre-tagging job.
diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml
index c358cfbe..0f9e100c 100644
--- a/.github/workflows/release-notes.yml
+++ b/.github/workflows/release-notes.yml
@@ -10,6 +10,10 @@ on:
       - .release-notes/next-release.md
       - .release-notes/\d+.\d+.\d+.md
 
+permissions:
+  packages: read
+  contents: write
+
 jobs:
   release-notes:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 53a8022a..9db08ce8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,6 +7,10 @@ on:
 
 concurrency: release
 
+permissions:
+  packages: write
+  contents: write
+
 jobs:
   # validation to assure that we should in fact continue with the release should
   # be done here. the primary reason for this step is to verify that the release