fix: add explicit permissions to release workflow

vaind · vaind · commit 339cef8b0631 · 2025-09-18T11:51:37.000+02:00
Adds 'permissions: contents: read' to limit GITHUB_TOKEN permissions
following security best practices. The workflow uses a GitHub App token
for privileged operations, so limiting the default token to read-only
is appropriate.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,5 +1,8 @@
 name: Release
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
     inputs:
