From a1a76fe0a0ed5b6fad781adef0942d7d4b8a741c Mon Sep 17 00:00:00 2001
From: Helber Belmiro <helber.belmiro@gmail.com>
Date: Thu, 16 Apr 2026 10:57:42 -0300
Subject: [PATCH] Set appropriate content permissions for workflows

Signed-off-by: Helber Belmiro <helber.belmiro@gmail.com>
---
 .github/workflows/integration-tests.yaml | 3 +++
 .github/workflows/release.yaml           | 4 +++-
 .github/workflows/unit-tests.yaml        | 3 +++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/integration-tests.yaml b/.github/workflows/integration-tests.yaml
index 5816fd5..c5828ac 100644
--- a/.github/workflows/integration-tests.yaml
+++ b/.github/workflows/integration-tests.yaml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ "main" ]
 
+permissions:
+  contents: read
+
 jobs:
   integration-tests:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e445d69..80d3946 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -6,7 +6,7 @@ on:
       - "v*.*.*"
 
 permissions:
-  contents: write
+  contents: read
 
 jobs:
   build-linux-amd64:
@@ -162,6 +162,8 @@ jobs:
   release:
     needs: [build-linux-amd64, build-linux-arm64, build-windows-amd64, build-windows-arm64, build-macos-amd64, build-macos-arm64]
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - name: Download all artifacts
         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
diff --git a/.github/workflows/unit-tests.yaml b/.github/workflows/unit-tests.yaml
index 760b2e0..763e79a 100644
--- a/.github/workflows/unit-tests.yaml
+++ b/.github/workflows/unit-tests.yaml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ "main" ]
 
+permissions:
+  contents: read
+
 jobs:
   go:
     runs-on: ubuntu-latest