Locks down permissions to the job level with least privledge we can get away with

.github/workflows/ci-release.yml

@@ -7,6 +7,7 @@ on:
 concurrency:
   group: release-${{ github.ref }}
   cancel-in-progress: false
+permissions: {}
 env:
   DEFAULT_UV_VERSION: "0.10.x"
   DEFAULT_PYTHON_VERSION: "3.12"
@@ -14,6 +15,10 @@ jobs:
   wait-for-docker:
     name: Wait for Docker Build
     runs-on: ubuntu-24.04
+    permissions:
+      # lewagon/wait-on-check-action reads workflow check runs
+      actions: read
+      contents: read
     steps:
       - name: Wait for Docker build
         uses: lewagon/wait-on-check-action@v1.5.0
@@ -26,6 +31,8 @@ jobs:
     name: Build Release
     needs: wait-for-docker
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     steps:
       - name: Checkout
         uses: actions/checkout@v6
@@ -127,6 +134,10 @@ jobs:
     name: Publish Release
     needs: build-release
     runs-on: ubuntu-24.04
+    permissions:
+      # release-drafter reads PRs to build the changelog and creates/publishes the release
+      contents: write
+      pull-requests: read
     outputs:
       prerelease: ${{ steps.get-version.outputs.prerelease }}
       changelog: ${{ steps.create-release.outputs.body }}
@@ -174,6 +185,11 @@ jobs:
     needs: publish-release
     if: needs.publish-release.outputs.prerelease == 'false'
     runs-on: ubuntu-24.04
+    permissions:
+      # git push of the changelog branch requires contents: write
+      # github.rest.pulls.create() and github.rest.issues.addLabels() require pull-requests: write
+      contents: write
+      pull-requests: write
     steps:
       - name: Checkout
         uses: actions/checkout@v6