From 875a747e2407ad00eeeb7abe9f617eaa484bd59f Mon Sep 17 00:00:00 2001
From: Manav Rathi <manav@mnvr.in>
Date: Fri, 28 Mar 2025 12:54:15 +0530
Subject: [PATCH] granular perms / release

"only required permissions for the action specified (which is contents: write)"
- https://github.com/ncipollo/release-action?tab=readme-ov-file#notes
---
 .github/workflows/auth-internal-release.yml   | 3 +++
 .github/workflows/auth-release.yml            | 3 +++
 .github/workflows/mobile-internal-release.yml | 5 ++++-
 .github/workflows/mobile-release.yml          | 3 +++
 desktop/.github/workflows/desktop-release.yml | 3 +++
 5 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/auth-internal-release.yml b/.github/workflows/auth-internal-release.yml
index 4aec41202f..9668e0e336 100644
--- a/.github/workflows/auth-internal-release.yml
+++ b/.github/workflows/auth-internal-release.yml
@@ -6,6 +6,9 @@ on:
 env:
     FLUTTER_VERSION: "3.24.3"
 
+permissions:
+    contents: write
+
 jobs:
     build:
         runs-on: ubuntu-latest
diff --git a/.github/workflows/auth-release.yml b/.github/workflows/auth-release.yml
index 337c457cab..697c08efd2 100644
--- a/.github/workflows/auth-release.yml
+++ b/.github/workflows/auth-release.yml
@@ -31,6 +31,9 @@ on:
 env:
     FLUTTER_VERSION: "3.24.3"
 
+permissions:
+    contents: write
+
 jobs:
     build-linux-latest:
         runs-on: ubuntu-latest
diff --git a/.github/workflows/mobile-internal-release.yml b/.github/workflows/mobile-internal-release.yml
index cbba50064f..b8ef0b2225 100644
--- a/.github/workflows/mobile-internal-release.yml
+++ b/.github/workflows/mobile-internal-release.yml
@@ -6,6 +6,9 @@ on:
 env:
     FLUTTER_VERSION: "3.24.3"
 
+permissions:
+    contents: write
+
 jobs:
     build:
         runs-on: ubuntu-latest
@@ -54,7 +57,7 @@ jobs:
                   packageName: io.ente.photos
                   releaseFiles: mobile/build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
                   track: internal
-            
+
             - name: Notify Discord
               uses: sarisia/actions-status-discord@v1
               with:
diff --git a/.github/workflows/mobile-release.yml b/.github/workflows/mobile-release.yml
index 8997f0afbc..e15cd937e9 100644
--- a/.github/workflows/mobile-release.yml
+++ b/.github/workflows/mobile-release.yml
@@ -11,6 +11,9 @@ on:
 env:
     FLUTTER_VERSION: "3.24.3"
 
+permissions:
+    contents: write
+
 jobs:
     build:
         runs-on: ubuntu-latest
diff --git a/desktop/.github/workflows/desktop-release.yml b/desktop/.github/workflows/desktop-release.yml
index 71d8384660..335de87258 100644
--- a/desktop/.github/workflows/desktop-release.yml
+++ b/desktop/.github/workflows/desktop-release.yml
@@ -22,6 +22,9 @@ on:
         tags:
             - "v[0-9]+.[0-9]+.[0-9]+"
 
+permissions:
+    contents: write
+
 jobs:
     release:
         runs-on: ${{ matrix.os }}