From 8eddd7c8ed6ecb1165553f326be3464f49d30b36 Mon Sep 17 00:00:00 2001
From: Asif Nawaz
Date: Wed, 8 Nov 2023 14:27:23 +0000
Subject: [PATCH] ci(workflows): permissions updated in workflows
---
 .github/workflows/auto-merge-dependabot-pr.yml | 12 +++++++-----
 .github/workflows/release.yml | 8 +++++++-
 2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/auto-merge-dependabot-pr.yml b/.github/workflows/auto-merge-dependabot-pr.yml
index e7938377..90d9d683 100644
--- a/.github/workflows/auto-merge-dependabot-pr.yml
+++ b/.github/workflows/auto-merge-dependabot-pr.yml
@@ -5,19 +5,21 @@ on:
 - opened
 - synchronize

-permissions:
- contents: write
- pull-requests: write
-
 jobs:
 tests:
 uses: ./.github/workflows/test.yml
 secrets: inherit
-
+ permissions:
+ contents: read
+
 dependabot:
 name: Auto-merge Dependabot PR
 runs-on: ubuntu-latest
 needs: tests
+ permissions:
+ contents: write
+ pull-requests: write
+
 if: ${{ github.actor == 'dependabot[bot]' }}
 steps:
 - name: Dependabot metadata
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 383059f3..373656f0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,11 +10,17 @@ jobs:
 build:
 name: Build
 uses: ./.github/workflows/test.yml
-
+ secrets: inherit
+ permissions:
+ contents: read
+
 release:
 name: Release @ ubuntu-latest
 runs-on: ubuntu-latest
 needs: build
+ permissions:
+ contents: write
+
 steps:
 - name: Checkout
 uses: actions/checkout@v4
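Review bot: In auto-merge-dependabot-pr.yml the `dependabot` job now holds `contents: write` and `pull-requests: write`, yet its only gate is the context line `if: ${{ github.actor == 'dependabot[bot]' }}`, which tests who triggered the run rather than who opened the pull request. GitHub's Dependabot automation examples gate on the PR author instead, `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}`, which is the safer condition for a job that is allowed to merge. The trigger under `on:` starts above this hunk, so it cannot be judged from here whether `secrets: inherit` on `tests` hands secrets to code from the pull request; if the event is `pull_request_target`, that call should not inherit secrets. The job's steps continue past the end of the hunk.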
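Review bot: In release.yml the added `secrets: inherit` on `build` widens access in a commit that otherwise narrows it: every secret available to the release workflow is now passed to `./.github/workflows/test.yml`. If the tests need a secret, pass it by name (`secrets:` followed by `NAME: ${{ secrets.NAME }}`, with NAME a placeholder); if they need none, drop the line. The `release` job's steps run past the end of the hunk, so it is worth confirming that `contents: write` alone covers what the release step does, since a tool that comments on issues or pull requests, or publishes with OIDC, would also need `issues: write`, `pull-requests: write` or `id-token: write`.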