Update permissions on workflow

.github/workflows/go.yml

@@ -19,14 +19,6 @@ env:
   # github.repository as <account>/<repo>
   IMAGE_NAME: ${{ github.repository }}
 
-# The API requires write permission on the repository to submit coverage reports
-permissions:
-  contents: write
-  packages: write
-  # This is used to complete the identity challenge
-  # with sigstore/fulcio when running outside of PRs.
-  id-token: write
-
 jobs:
 
   build:
@@ -53,6 +45,11 @@ jobs:
 
     - name: Coverage
       uses: gwatts/[email protected]
+      # The API requires write permission on the repository to submit coverage reports
+      permissions:
+        contents: write
+        checks: write
+        pull-requests: write
       with:
         # Fail the build if the coverage drops below supplied percentage
         coverage-threshold: 0 # Change this as coverage improves
@@ -74,6 +71,12 @@ jobs:
     - name: Log into registry ${{ env.REGISTRY }}
       if: github.event_name != 'pull_request'
       uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+      permissions:
+        contents: read
+        packages: write
+        # This is used to complete the identity challenge
+        # with sigstore/fulcio when running outside of PRs.
+        id-token: write
       with:
         registry: ${{ env.REGISTRY }}
         username: ${{ github.actor }}