diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml
index 9ec3294..0fea129 100644
--- a/.github/workflows/dependabot-automerge.yml
+++ b/.github/workflows/dependabot-automerge.yml
@@ -4,13 +4,15 @@ name: Dependabot auto-merge
 on: pull_request
 
 permissions:
-  contents: write
-  pull-requests: write
+  contents: read
 
 jobs:
   dependabot:
     runs-on: ubuntu-latest
     if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'FortnoxAB/changesets-java'
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
diff --git a/.github/workflows/dependabot-changesets.yml b/.github/workflows/dependabot-changesets.yml
index 276b37e..413d7a5 100644
--- a/.github/workflows/dependabot-changesets.yml
+++ b/.github/workflows/dependabot-changesets.yml
@@ -4,13 +4,15 @@ on:
   pull_request: {}
 
 permissions:
-  pull-requests: read
-  contents: write
+  contents: read
 
 jobs:
   generate-changeset:
     runs-on: ubuntu-latest
     if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'FortnoxAB/changesets-java'
+    permissions:
+      pull-requests: read
+      contents: write
     steps:
       - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
diff --git a/.github/workflows/publish-site-ghpages.yml b/.github/workflows/publish-site-ghpages.yml
deleted file mode 100644
index 6cef859..0000000
--- a/.github/workflows/publish-site-ghpages.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-name: Publish documentation
-
-on:
-  workflow_dispatch
-
-jobs:
-    build:
-      runs-on: ubuntu-latest
-      steps:
-        - name: Harden the runner (Audit all outbound calls)
-          uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
-          with:
-            egress-policy: audit
-
-        - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-        - name: Set up JDK 17
-          uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
-          with:
-            java-version: '17'
-            distribution: 'temurin'
-            server-id: github
-            settings-path: ${{ github.workspace }}
-        - name: Publish to GitHub Pages
-          shell: bash
-          run: |
-            git config --global user.name  "github-actions[bot]"
-            git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
-            ./mvnw --batch-mode --no-transfer-progress install --file pom.xml
-            cd changesets-maven-plugin
-            ../mvnw --batch-mode --no-transfer-progress clean site scm-publish:publish-scm -s $GITHUB_WORKSPACE/settings.xml
-          env:
-            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file