chore: GH workflow permissions (#557)

jkowalleck · web-flow · commit 4390ece571f0 · 2025-05-12T14:05:12.000+02:00
Signed-off-by: Jan Kowalleck &lt;jan.kowalleck@gmail.com&gt;
diff --git a/.github/workflows/php-dev.yml b/.github/workflows/php-dev.yml
@@ -24,6 +24,8 @@ concurrency:
   group: '${{ github.workflow }}-${{ github.ref }}'
   cancel-in-progress: true
 
+permissions: {}
+
 env:
   PHP_VERSION_LATEST: "8.4"
   PHP_PROJECT_EXT: dom,json,libxml  # via `composer info -pt`
diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
@@ -13,6 +13,8 @@ on:
     # this means: at 23:42
     - cron: '42 23 * * *'
 
+permissions: {}
+
 concurrency:
   group: '${{ github.workflow }}-${{ github.ref }}'
   cancel-in-progress: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -26,10 +26,14 @@ name: Release
 on:
   workflow_dispatch
 
+permissions: {}
+
 jobs:
   release:
     name: Release
-    permissions: write-all
+    permissions:
+      id-token: write
+      contents: write  # to create a release
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
