From c75696af2a7723f5ea43cd586bee75511f2c9d9a Mon Sep 17 00:00:00 2001
From: Copilot <198982749+Copilot@users.noreply.github.com>
Date: Fri, 27 Feb 2026 15:59:39 +0200
Subject: [PATCH] Fix HTTP 403 on `gh release create` by adding workflow-level
 permissions (#654)

* Fix HTTP 403 when creating GitHub releases by adding workflow-level permissions

Co-authored-by: samip5 <1703002+samip5@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: samip5 <1703002+samip5@users.noreply.github.com>
---
 .github/workflows/main.yml            | 5 +++++
 .github/workflows/scheduled-build.yml | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 60d2ffa..d66c7f6 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -4,6 +4,11 @@ on:
     workflow_dispatch:
     release:
      types: [published]
+
+permissions:
+    contents: read
+    packages: write
+
 jobs:
     build:
         runs-on: ubuntu-latest
diff --git a/.github/workflows/scheduled-build.yml b/.github/workflows/scheduled-build.yml
index a105b87..e718145 100644
--- a/.github/workflows/scheduled-build.yml
+++ b/.github/workflows/scheduled-build.yml
@@ -5,6 +5,10 @@ on:
         - cron: '0 2 * * 0'  # Every Sunday at 02:00 UTC
     workflow_dispatch:
 
+permissions:
+    contents: write
+    packages: write
+
 jobs:
     build:
         runs-on: ubuntu-latest