diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml
index 894426a..872ede8 100644
--- a/.github/workflows/draft-release.yml
+++ b/.github/workflows/draft-release.yml
@@ -16,6 +16,9 @@ on:
 jobs:
   draft-release:
     uses: 'google-github-actions/.github/.github/workflows/draft-release.yml@v3' # ratchet:exclude
+    permissions:
+      contents: 'read'
+      pull-requests: 'write'
     with:
       version_strategy: '${{ github.event.inputs.version_strategy }}'
     secrets:
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 2b84abc..484dc5d 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -33,6 +33,10 @@ permissions:
   contents: 'read'
   id-token: 'write'
 
+defaults:
+  run:
+    shell: 'bash'
+
 jobs:
   integration:
     if: |-
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0457b00..934de99 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,5 +9,9 @@ on:
 jobs:
   release:
     uses: 'google-github-actions/.github/.github/workflows/release.yml@v3' # ratchet:exclude
+    permissions:
+      attestations: 'write'
+      contents: 'write'
+      packages: 'write'
     secrets:
       ACTIONS_BOT_TOKEN: '${{ secrets.ACTIONS_BOT_TOKEN }}'
diff --git a/package-lock.json b/package-lock.json
index 85af50b..7bfdcbd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6,7 +6,11 @@
   "packages": {
     "": {
       "name": "deploy-gke",
-      "version": "0.0.3"
+      "version": "0.0.3",
+      "engines": {
+        "node": "20.x",
+        "npm": "10.x"
+      }
     }
   }
 }