diff --git a/.github/renovate.json b/.github/renovate.json
index 66f4a27..f02f654 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,4 +1,6 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["github>ivuorinen/renovate-config"]
+  "extends": [
+    "github>ivuorinen/renovate-config"
+  ]
 }
diff --git a/.github/workflows/composer-install.yml b/.github/workflows/composer-install.yml
index 552313a..d238226 100644
--- a/.github/workflows/composer-install.yml
+++ b/.github/workflows/composer-install.yml
@@ -8,17 +8,13 @@ on:
       - "composer.json"
       - "composer.lock"
 
-permissions:
-  contents: read
-  packages: read
-  statuses: read
-
 jobs:
   ComposerInstall:
     runs-on: ubuntu-latest
 
     permissions:
       contents: write
+      pacakges: read
       statuses: write
 
     strategy:
diff --git a/.github/workflows/compress-images.yml b/.github/workflows/compress-images.yml
index 999a449..92fd609 100644
--- a/.github/workflows/compress-images.yml
+++ b/.github/workflows/compress-images.yml
@@ -8,10 +8,6 @@ on:
   schedule:
     - cron: "00 23 * * 0"
 
-permissions:
-  contents: read
-  statuses: read
-
 jobs:
   CompressOnDemandOrSchedule:
     name: calibreapp/image-actions
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 85692be..e19e42f 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -12,16 +12,13 @@ name: "Dependency Review"
 
 on: [pull_request]
 
-permissions:
-  contents: read
-  packages: read
-  statuses: read
-
 jobs:
   dependency-review:
     runs-on: ubuntu-latest
     permissions:
       contents: read
+      packages: read
+      statuses: read
     steps:
       - name: "Checkout Repository"
         uses: actions/checkout@v4
diff --git a/.github/workflows/laravel-phpunit.yml b/.github/workflows/laravel-phpunit.yml
index 137be32..6a71fd3 100644
--- a/.github/workflows/laravel-phpunit.yml
+++ b/.github/workflows/laravel-phpunit.yml
@@ -7,17 +7,13 @@ on:
   pull_request:
     branches: [main]
 
-permissions:
-  contents: read
-  packages: read
-  statuses: read
-
 jobs:
   laravel-tests:
     runs-on: ubuntu-latest
 
     permissions:
       contents: write
+      packages: read
       statuses: write
 
     steps:
diff --git a/.github/workflows/pr-compress-images.yml b/.github/workflows/pr-compress-images.yml
index d708574..bab3b41 100644
--- a/.github/workflows/pr-compress-images.yml
+++ b/.github/workflows/pr-compress-images.yml
@@ -11,11 +11,6 @@ on:
       - "**.png"
       - "**.webp"
 
-permissions:
-  contents: read
-  packages: read
-  statuses: read
-
 jobs:
   CompressInPR:
     # Only run on Pull Requests within the same repository, and not from forks.
@@ -25,6 +20,7 @@ jobs:
 
     permissions:
       contents: write
+      packages: read
       statuses: write
       pull-requests: write
 
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
index ae442e7..2fdcf56 100644
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -24,11 +24,6 @@ on:
   pull_request:
     branches: [master, main]
 
-permissions:
-  contents: read
-  packages: read
-  statuses: read
-
 ###############
 # Set the Job #
 ###############
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index 9c1e244..90f2859 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -4,11 +4,6 @@ name: Release Drafter
 on:
   workflow_call:
 
-permissions:
-  contents: read
-  packages: read
-  statuses: read
-
 jobs:
   update_release_draft:
     name: ✏️ Draft release
@@ -16,6 +11,7 @@ jobs:
     permissions:
       contents: write
       statuses: write
+      packages: read
     steps:
       - name: 🚀 Run Release Drafter
         uses: release-drafter/release-drafter@v6.1.0
diff --git a/.github/workflows/release-monthly.yaml b/.github/workflows/release-monthly.yaml
index 3d8ac41..c866f55 100644
--- a/.github/workflows/release-monthly.yaml
+++ b/.github/workflows/release-monthly.yaml
@@ -7,17 +7,15 @@ on:
   schedule:
     - cron: "0 0 1 * *" # 1st of every month at midnight
 
-permissions:
-  contents: read
-  packages: read
-  statuses: read
-
 jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
     permissions:
       contents: write
+      packages: read
+      statuses: read
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
diff --git a/.github/workflows/reviewdog-linters.yml b/.github/workflows/reviewdog-linters.yml
index 94f42f6..710f600 100644
--- a/.github/workflows/reviewdog-linters.yml
+++ b/.github/workflows/reviewdog-linters.yml
@@ -3,10 +3,6 @@ name: Reviewdog Linters
 
 on: [pull_request]
 
-permissions:
-  contents: read
-  statuses: read
-
 jobs:
   linters:
     name: Linters
diff --git a/.github/workflows/sync-labels-to-own-projects.yml b/.github/workflows/sync-labels-to-own-projects.yml
index 617d181..60bf7a7 100644
--- a/.github/workflows/sync-labels-to-own-projects.yml
+++ b/.github/workflows/sync-labels-to-own-projects.yml
@@ -12,10 +12,6 @@ on:
   schedule:
     - cron: "0 0 * * *" # Every day at midnight
 
-permissions:
-  contents: read
-  statuses: read
-
 jobs:
   sync-labels:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
index e8bdd38..ccba22d 100644
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -13,16 +13,14 @@ on:
   workflow_call:
   workflow_dispatch:
 
-permissions:
-  contents: read
-  statuses: read
-
 jobs:
   labels:
     name: ♻️ Sync labels
     runs-on: ubuntu-latest
     permissions:
       issues: write
+      contents: read
+      statuses: read
     steps:
       - name: ⤵️ Download latest labels definitions
         run: |