Reduce GitHub Action permissions

mpkorstanje · mpkorstanje · commit 4acb7b918b6e · 2026-03-11T15:28:57.000+01:00
See: * https://docs.zizmor.sh/audits/#excessive-permissions
diff --git a/.github/workflows/release-github.yaml b/.github/workflows/release-github.yaml
@@ -1,5 +1,7 @@
 name: Release GitHub
 
+permissions: {}
+
 on:
   push:
     branches: [release/*]
diff --git a/.github/workflows/release-mvn.yml b/.github/workflows/release-mvn.yml
@@ -1,5 +1,7 @@
 name: Release Maven
 
+permissions: {}
+
 on:
   push:
     branches: [release/*]
diff --git a/.github/workflows/release-npm.yml b/.github/workflows/release-npm.yml
@@ -1,18 +1,19 @@
 name: Release NPM
 
+permissions: {}
+
 on:
   push:
     branches: [release/*]
 
-permissions:
-  id-token: write
-  contents: read
-
 jobs:
   publish-npm:
     name: Publish NPM module
     runs-on: ubuntu-latest
     environment: Release
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
diff --git a/.github/workflows/test-java.yml b/.github/workflows/test-java.yml
@@ -1,5 +1,7 @@
 name: test-java
 
+permissions: {}
+
 on:
   push:
     branches:
diff --git a/.github/workflows/test-javascript.yml b/.github/workflows/test-javascript.yml
@@ -1,5 +1,7 @@
 name: test-javascript
 
+permissions: {}
+
 on:
   push:
     branches:
