From ccaf614b6bc19ed5a5d4627a405e1f8413742d1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20Fr=C3=B6hlich?= <decke@bluelife.at>
Date: Tue, 4 Feb 2025 10:45:06 +0100
Subject: [PATCH] Update release.yaml (#179)

---
 .github/workflows/release.yaml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1722f28..557e040 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -4,9 +4,8 @@ on:
   release:
     types: [created]
 
-permissions:
-    contents: write
-    packages: write
+# Declare default permissions as read only.
+permissions: read-all
 
 jobs:
   releases-matrix:
@@ -16,6 +15,10 @@ jobs:
       matrix:
         goos: [freebsd, linux, windows]
         goarch: [amd64, arm64]
+    permissions:
+        contents: write
+        packages: write
+
     steps:
     - name: Harden Runner
       uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4