diff --git a/.github/workflows/interchaintest.yml b/.github/workflows/interchaintest.yml
index c605eaf7f..4529d0fed 100644
--- a/.github/workflows/interchaintest.yml
+++ b/.github/workflows/interchaintest.yml
@@ -6,6 +6,10 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   build-and-push-image:
     runs-on: ubuntu-latest
@@ -15,7 +19,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
diff --git a/.github/workflows/push_docker_images.yml b/.github/workflows/push_docker_images.yml
index a8c990e76..cb695f4bf 100644
--- a/.github/workflows/push_docker_images.yml
+++ b/.github/workflows/push_docker_images.yml
@@ -20,6 +20,11 @@ on:
   push:
     tags:
     - 'v[0-9]+.[0-9]+.[0-9]+' # ignore rc
+
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   feeapp-images:
     runs-on: ubuntu-latest
@@ -34,7 +39,7 @@ jobs:
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2 
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5c8bc2891..fe3f3c597 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,6 +5,10 @@
       release:
         types: [created]
     
+    permissions:
+      contents: read
+      packages: write
+      
     jobs:
       release:
         permissions: write-all