netty / netty-tcnative

A fork of Apache Tomcat Native, based on finagle-native

Set read-only token permissions for GitHub Action workflows

pnacht opened this issue · comments

By default, GitHub workflows run with write-all permissions. This is dangerous, since it opens the project up to supply-chain attacks. GitHub itself recommends ensuring all workflows run with minimal permissions.

netty-tcnative's workflows are mainly used for testing. As such, they do not need such broad permissions.

This issue can be solved in two ways:

  • add top-level read-only permissions to all workflows, and then give additional job-level permissions as necessary; and/or
  • set the default token permissions to read-only in the repo settings.

I'll be sending a PR along with this issue that sets the top-level permissions as necessary.

If you instead (or also) wish to modify the default token permissions:

  1. Open the repo settings
  2. Go to Actions > General
  3. Under "Workflow permissions", set them to "Read repository contents and packages permissions"

If you wish to only modify the default token permissions, know that you'll need to modify any workflows that require additional permissions.


Disclosure: My name is Pedro and I work with Google and the Open Source Security Foundation (OpenSSF) to improve the supply-chain security of the open-source ecosystem.
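A worked illustration of the first option described in the issue (top-level read-only permissions with a job-level grant only where a job needs it). This is an added example, not the issue author's PR or a workflow from the netty-tcnative repository; the workflow name, job names and the specific `pull-requests: write` grant are assumptions chosen for illustration.

```yaml
# Added example: a CI workflow hardened along the lines the issue proposes.
# Workflow and job names are placeholders, not netty-tcnative's real workflows.
name: build-and-test

on:
  push:
  pull_request:

# Top-level default for every job in this workflow. GITHUB_TOKEN now carries
# only read access to repository contents; all other scopes are "none".
# Without this block, the token inherits the repository default, which on an
# unconfigured repository is write-all.
permissions:
  contents: read

jobs:
  # A pure build/test job: the top-level read-only default is sufficient,
  # so no job-level permissions block is declared.
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build and run tests
        run: ./mvnw -B verify

  # A job that needs to write (here: post a comment on the pull request).
  # Granting the extra scope at job level keeps it out of the 'test' job,
  # and listing 'contents: read' again is needed because a job-level block
  # replaces the top-level one rather than adding to it.
  comment-results:
    needs: test
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Report result on the PR
        run: echo "Tests passed; would post a comment here with the PR-scoped token."
```

Setting `permissions: {}` at the top level instead of `contents: read` removes every scope, which is stricter than this example; most workflows still need `contents: read` for `actions/checkout` to clone the repository over the token, so the example keeps that single scope. Changing the repository setting described in the issue (Actions > General > Workflow permissions) changes only the default that applies when a workflow declares no `permissions` block; an explicit block like the one above always takes precedence.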