From 0218035517717da92025922ccd6a76074a71297e Mon Sep 17 00:00:00 2001
From: Nick Osborn
Date: Thu, 12 Jun 2025 14:09:17 +0800
Subject: [PATCH] Workflow permissions per Scorecard recommendations
---
 .github/workflows/release.yml | 4 +++-
 .github/workflows/versioning.yml | 6 ++++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5b6ab8c..73939d1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,13 +8,15 @@ on:
 - v*.*.*
 permissions:
- contents: write
+ contents: read
 concurrency:
 group: release
 jobs:
 create-release:
+ permissions:
+ contents: write
 runs-on: ubuntu-latest
 steps:
 - name: Clone the repository
diff --git a/.github/workflows/versioning.yml b/.github/workflows/versioning.yml
index 7e79a4d..f02461b 100644
--- a/.github/workflows/versioning.yml
+++ b/.github/workflows/versioning.yml
@@ -9,14 +9,16 @@ on:
 - edited
 permissions:
- contents: write
- pull-requests: write
+ contents: read
 concurrency:
 group: versioning
 jobs:
 actions-tagger:
+ permissions:
+ contents: write
+ pull-requests: write
 runs-on: ubuntu-latest
 steps:
 - uses: Actions-R-Us/actions-tagger@330ddfac760021349fef7ff62b372f2f691c20fb # v2.0.3
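Review bot: The new job-level `permissions` block on `create-release` in release.yml does not say why the job needs `contents: write`; a trailing comment such as `contents: write # needed to publish the release` would keep the grant auditable. A job-level block replaces the workflow-level one rather than adding to it, so any other scope the later steps rely on must be listed here or it becomes `none` for this job. The steps continue past the end of the hunk; if the clone step uses actions/checkout and no later step pushes with git, `persist-credentials: false` on it would keep the write-scoped token out of the workspace git config.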
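Review bot: `pull-requests: write` on the `actions-tagger` job in versioning.yml looks carried over from the old workflow-level block rather than required. The only step visible is the tagger action, and moving version tags should need `contents: write` alone. If the action's documentation for v2.0.3 confirms that, drop the line so the job block is just `permissions:` followed by `contents: write`. The step's inputs may continue past the end of the hunk, so check them before removing the scope.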