GitHub App Permissions

Workflow-level permissions: Individual workflow jobs can request additional permissions via the permissions: YAML key. These are reflected in the job's GITHUB_TOKEN and can further scope what the token is allowed to do. For example, a job that needs to publish packages can request packages: write in its permissions: block.