normalize the workflow files (#857)

diff --git a/.github/workflows/args.yaml b/.github/workflows/args.yaml
index bef26b6..c254c7e 100644
--- a/.github/workflows/args.yaml
+++ b/.github/workflows/args.yaml
@@ -1,4 +1,5 @@
 name: package:args
+permissions: read-all
 
 on:
   # Run CI on pushes to the main branch, and on PRs against main.
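Review bot: `permissions: read-all` on the added line gives the workflow's GITHUB_TOKEN read access to every permission scope, which is wider than a checkout-and-test workflow normally needs. The jobs are outside this hunk, but if they only check out the repository and run analysis and tests, the least-privilege form is a `permissions:` mapping with the single entry `contents: read`. Any job that genuinely needs more can then declare its own job-level `permissions:` block. The same line is added at the top of async.yaml, characters.yaml, collection.yaml, convert.yaml, crypto.yaml, fixnum.yaml, lints.yaml, logging.yaml, os_detect.yaml, path.yaml, platform.yaml and typed_data.yaml, so the point applies to each of them. A one-line comment above the key, such as `# Token is read-only; jobs that need write access must request it explicitly.`, would record the intent for later editors.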
@@ -14,8 +15,6 @@
       - 'pkgs/args/**'
   schedule:
     - cron: "0 0 * * 0"
-env:
-  PUB_ENVIRONMENT: bot.github
 
 defaults:
   run:
diff --git a/.github/workflows/async.yaml b/.github/workflows/async.yaml
index e086f23..99fd177 100644
--- a/.github/workflows/async.yaml
+++ b/.github/workflows/async.yaml
@@ -1,4 +1,5 @@
 name: package:async
+permissions: read-all
 
 on:
   # Run on PRs and pushes to the default branch.
@@ -15,9 +16,6 @@
   schedule:
     - cron: "0 0 * * 0"
 
-env:
-  PUB_ENVIRONMENT: bot.github
-
 defaults:
   run:
     working-directory: pkgs/async/
diff --git a/.github/workflows/characters.yaml b/.github/workflows/characters.yaml
index bb0c5f1..d7959eb 100644
--- a/.github/workflows/characters.yaml
+++ b/.github/workflows/characters.yaml
@@ -1,4 +1,5 @@
 name: package:characters
+permissions: read-all
 
 on:
   # Run CI on pushes to the main branch, and on PRs against main.
@@ -14,8 +15,6 @@
       - 'pkgs/characters/**'
   schedule:
     - cron: "0 0 * * 0"
-env:
-  PUB_ENVIRONMENT: bot.github
 
 defaults:
   run:
diff --git a/.github/workflows/collection.yaml b/.github/workflows/collection.yaml
index 247d91f..f3fd761 100644
--- a/.github/workflows/collection.yaml
+++ b/.github/workflows/collection.yaml
@@ -1,4 +1,5 @@
 name: package:collection
+permissions: read-all
 
 on:
   # Run CI on pushes to the main branch, and on PRs against main.
@@ -15,9 +16,6 @@
   schedule:
     - cron: "0 0 * * 0"
 
-env:
-  PUB_ENVIRONMENT: bot.github
-
 defaults:
   run:
     working-directory: pkgs/collection/
diff --git a/.github/workflows/convert.yaml b/.github/workflows/convert.yaml
index 1dad964..4ec8286 100644
--- a/.github/workflows/convert.yaml
+++ b/.github/workflows/convert.yaml
@@ -1,4 +1,5 @@
 name: package:convert
+permissions: read-all
 
 on:
   # Run CI on pushes to the main branch, and on PRs against main.
@@ -14,8 +15,6 @@
       - 'pkgs/convert/**'
   schedule:
     - cron: "0 0 * * 0"
-env:
-  PUB_ENVIRONMENT: bot.github
 
 defaults:
   run:
diff --git a/.github/workflows/crypto.yaml b/.github/workflows/crypto.yaml
index f381f31..f4fe944 100644
--- a/.github/workflows/crypto.yaml
+++ b/.github/workflows/crypto.yaml
@@ -1,4 +1,5 @@
 name: package:crypto
+permissions: read-all
 
 on:
   # Run CI on pushes to the main branch, and on PRs against main.
@@ -14,8 +15,6 @@
       - 'pkgs/crypto/**'
   schedule:
     - cron: "0 0 * * 0"
-env:
-  PUB_ENVIRONMENT: bot.github
 
 defaults:
   run:
diff --git a/.github/workflows/fixnum.yaml b/.github/workflows/fixnum.yaml
index 06befb2..fb3db08 100644
--- a/.github/workflows/fixnum.yaml
+++ b/.github/workflows/fixnum.yaml
@@ -1,4 +1,5 @@
 name: package:fixnum
+permissions: read-all
 
 on:
   # Run CI on pushes to the main branch, and on PRs against main.
@@ -14,8 +15,6 @@
       - 'pkgs/fixnum/**'
   schedule:
     - cron: "0 0 * * 0"
-env:
-  PUB_ENVIRONMENT: bot.github
 
 defaults:
   run:
diff --git a/.github/workflows/lints.yaml b/.github/workflows/lints.yaml
index c64ab41..9135065 100644
--- a/.github/workflows/lints.yaml
+++ b/.github/workflows/lints.yaml
@@ -1,4 +1,5 @@
 name: package:lints
+permissions: read-all
 
 on:
   # Run CI on pushes to the main branch, and on PRs against main.
@@ -14,8 +15,6 @@
       - 'pkgs/lints/**'
   schedule:
     - cron: "0 0 * * 0"
-env:
-  PUB_ENVIRONMENT: bot.github
 
 defaults:
   run:
diff --git a/.github/workflows/logging.yaml b/.github/workflows/logging.yaml
index ee66915..0bf08a8 100644
--- a/.github/workflows/logging.yaml
+++ b/.github/workflows/logging.yaml
@@ -1,4 +1,5 @@
 name: package:logging
+permissions: read-all
 
 on:
   # Run CI on pushes to the main branch, and on PRs against main.
@@ -14,8 +15,6 @@
       - 'pkgs/logging/**'
   schedule:
     - cron: "0 0 * * 0"
-env:
-  PUB_ENVIRONMENT: bot.github
 
 defaults:
   run:
diff --git a/.github/workflows/os_detect.yaml b/.github/workflows/os_detect.yaml
index 5405e33..637e483 100644
--- a/.github/workflows/os_detect.yaml
+++ b/.github/workflows/os_detect.yaml
@@ -1,4 +1,5 @@
 name: package:os_detect
+permissions: read-all
 
 on:
   # Run CI on pushes to the main branch, and on PRs against main.
@@ -14,8 +15,6 @@
       - 'pkgs/os_detect/**'
   schedule:
     - cron: "0 0 * * 0"
-env:
-  PUB_ENVIRONMENT: bot.github
 
 defaults:
   run:
diff --git a/.github/workflows/path.yaml b/.github/workflows/path.yaml
index c35e02c..87f72b3 100644
--- a/.github/workflows/path.yaml
+++ b/.github/workflows/path.yaml
@@ -1,4 +1,5 @@
 name: package:path
+permissions: read-all
 
 on:
   # Run CI on pushes to the main branch, and on PRs against main.
@@ -14,8 +15,6 @@
       - 'pkgs/path/**'
   schedule:
     - cron: "0 0 * * 0"
-env:
-  PUB_ENVIRONMENT: bot.github
 
 defaults:
   run:
diff --git a/.github/workflows/platform.yaml b/.github/workflows/platform.yaml
index 981c463..5cc9e0b 100644
--- a/.github/workflows/platform.yaml
+++ b/.github/workflows/platform.yaml
@@ -1,4 +1,5 @@
 name: package:platform
+permissions: read-all
 
 on:
   # Run CI on pushes to the main branch, and on PRs against main.
@@ -14,8 +15,6 @@
       - 'pkgs/platform/**'
   schedule:
     - cron: "0 0 * * 0"
-env:
-  PUB_ENVIRONMENT: bot.github
 
 defaults:
   run:
diff --git a/.github/workflows/typed_data.yaml b/.github/workflows/typed_data.yaml
index 2ea36f7..d398269 100644
--- a/.github/workflows/typed_data.yaml
+++ b/.github/workflows/typed_data.yaml
@@ -1,4 +1,5 @@
 name: package:typed_data
+permissions: read-all
 
 on:
   # Run CI on pushes to the main branch, and on PRs against main.
@@ -14,8 +15,6 @@
       - 'pkgs/typed_data/**'
   schedule:
     - cron: "0 0 * * 0"
-env:
-  PUB_ENVIRONMENT: bot.github
 
 defaults:
   run: