ci: fix perms errors

fredleger · fredleger · commit 6783e893bde2 · 2024-02-20T17:00:20.000+01:00
diff --git a/.github/workflows/main-ci.yml b/.github/workflows/main-ci.yml
@@ -13,4 +13,10 @@ jobs:
   ci:
     name: Continuous Integration
     uses: ./.github/workflows/__shared-ci.yml
+    permissions:
+      contents: read
+      id-token: write
+      issues: read
+      packages: write
+      pull-requests: read
     secrets: inherit
diff --git a/.github/workflows/pull-request-ci.yml b/.github/workflows/pull-request-ci.yml
@@ -23,4 +23,10 @@ jobs:
   ci:
     name: Continuous Integration
     uses: ./.github/workflows/__shared-ci.yml
+    permissions:
+      contents: read
+      id-token: write
+      issues: read
+      packages: write
+      pull-requests: read
     secrets: inherit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -23,6 +23,12 @@ jobs:
     needs: check-branches
     name: Continuous Integration
     uses: ./.github/workflows/__shared-ci.yml
+    permissions:
+      contents: read
+      id-token: write
+      issues: read
+      packages: write
+      pull-requests: read
 
   update_release_draft:
     # we want to publish a new tag only if ci succeeds
