diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 6aad29c..cc26305 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -9,12 +9,6 @@ on:
 env:
   BASE_URL: /${{ github.event.repository.name }}
 
-# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
-permissions:
-  contents: read
-  pages: write
-  id-token: write
-
 # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
 # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
 concurrency:
@@ -24,6 +18,10 @@ concurrency:
 jobs:
   deploy-book:
     runs-on: ubuntu-latest
+    # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+    permissions:
+      pages: write
+      id-token: write
     steps:
       - uses: actions/checkout@v3
 
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 13ef0c6..cf4e7c9 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -13,20 +13,14 @@ on:
     - cron: '0 0 1 * *'
   workflow_dispatch:
 
-# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
-permissions:
-  contents: read
-  pages: write
-  id-token: write
-
 jobs:
   # This job tests that the CC works
   test-cc-and-jb-build:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest]  # currently not testing on windows
-        python-version: [3.9]
+    runs-on: ubuntu-latest
+    # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+    permissions:
+      pages: write
+      id-token: write
     steps:
     - uses: actions/checkout@v3
 
diff --git a/{{cookiecutter.book_slug}}/.github/workflows/deploy.yml b/{{cookiecutter.book_slug}}/.github/workflows/deploy.yml
index 5e9120c..59e8dc5 100644
--- a/{{cookiecutter.book_slug}}/.github/workflows/deploy.yml
+++ b/{{cookiecutter.book_slug}}/.github/workflows/deploy.yml
@@ -9,12 +9,6 @@ on:
 env:
   BASE_URL: {% raw %}/${{ github.event.repository.name }}{% endraw %}
 
-# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
-permissions:
-  contents: read
-  pages: write
-  id-token: write
-
 # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
 # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
 concurrency:
@@ -24,6 +18,10 @@ concurrency:
 jobs:
   deploy-book:
     runs-on: ubuntu-latest
+    # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+    permissions:
+      pages: write
+      id-token: write
     steps:
       - uses: actions/checkout@v3