diff --git a/.github/workflows/0-start.yml b/.github/workflows/0-start.yml
index 73c67595e..bc8237b05 100644
--- a/.github/workflows/0-start.yml
+++ b/.github/workflows/0-start.yml
@@ -12,6 +12,11 @@ on:
     branches:
       - main
 
+permissions:
+  # Need `contents: read` to checkout the repository
+  # Need `contents: write` to update the step metadata
+  contents: write
+
 jobs:
   on_start:
     name: On start
diff --git a/.github/workflows/1-create-a-branch.yml b/.github/workflows/1-create-a-branch.yml
index c078d5737..8c57f83c2 100644
--- a/.github/workflows/1-create-a-branch.yml
+++ b/.github/workflows/1-create-a-branch.yml
@@ -10,6 +10,11 @@ on:
   workflow_dispatch:
   create:
 
+permissions:
+  # Need `contents: read` to checkout the repository
+  # Need `contents: write` to update the step metadata
+  contents: write
+
 jobs:
   on_create_a_branch:
     name: On create a branch
diff --git a/.github/workflows/2-commit-a-file.yml b/.github/workflows/2-commit-a-file.yml
index 2fb0a253a..730664b17 100644
--- a/.github/workflows/2-commit-a-file.yml
+++ b/.github/workflows/2-commit-a-file.yml
@@ -12,6 +12,11 @@ on:
     branches:
       - my-first-branch
 
+permissions:
+  # Need `contents: read` to checkout the repository
+  # Need `contents: write` to update the step metadata
+  contents: write
+
 jobs:
   on_commit_a_file:
     name: On commit a file
diff --git a/.github/workflows/3-open-a-pull-request.yml b/.github/workflows/3-open-a-pull-request.yml
index 28012bfa2..f0214a266 100644
--- a/.github/workflows/3-open-a-pull-request.yml
+++ b/.github/workflows/3-open-a-pull-request.yml
@@ -13,6 +13,11 @@ on:
       - opened
       - reopened
 
+permissions:
+  # Need `contents: read` to checkout the repository
+  # Need `contents: write` to update the step metadata
+  contents: write
+
 jobs:
   on_open_a_pull_request:
     name: On open a pull request
diff --git a/.github/workflows/4-merge-your-pull-request.yml b/.github/workflows/4-merge-your-pull-request.yml
index 946b7705b..8b6817cbf 100644
--- a/.github/workflows/4-merge-your-pull-request.yml
+++ b/.github/workflows/4-merge-your-pull-request.yml
@@ -12,6 +12,11 @@ on:
     branches:
       - main
 
+permissions:
+  # Need `contents: read` to checkout the repository
+  # Need `contents: write` to update the step metadata
+  contents: write
+
 jobs:
   on_merge_your_pull_request:
     name: On merge your pull request