Add permissions

Author: spoorcc

.github/workflows/build.yml

@@ -18,7 +18,7 @@ jobs:
         platform: [ubuntu-latest, macos-latest, windows-latest]
     runs-on: ${{ matrix.platform }}
     permissions:
-      contents: read
+      contents: write
       security-events: write
 
     steps:
@@ -107,6 +107,7 @@ jobs:
               build/dfetch-package/*.msi
               build/dfetch-package/*.cdx.json
           overwrite_files: false
+          draft: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 

.github/workflows/ci.yml

@@ -27,7 +27,7 @@ jobs:
     needs: draft-release
     uses: ./.github/workflows/build.yml
     permissions:
-      contents: read
+      contents: write
       security-events: write
     with:
       release_id: ${{ needs.draft-release.outputs.release_id }}
@@ -45,7 +45,7 @@ jobs:
     needs: draft-release
     uses: ./.github/workflows/python-publish.yml
     permissions:
-      contents: read
+      contents: write
       security-events: write
       id-token: write
     with:

.github/workflows/python-publish.yml

@@ -99,6 +99,9 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ inputs.release_id }}
     needs: build
+    permissions:
+      contents: write
+      security-events: write
     steps:
     - name: Download all the dists
       uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v5
@@ -111,5 +114,6 @@ jobs:
         tag_name: ${{ inputs.release_id }}
         files: dist/*
         overwrite_files: false
+        draft: true
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}