diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml
index b24c014..eb36453 100644
--- a/.github/workflows/labeler.yaml
+++ b/.github/workflows/labeler.yaml
@@ -3,16 +3,16 @@ name: "PR Labeler"
 on:
   pull_request_target:
 
-permissions:
-  pull-requests: write
-  issues: write
-
 jobs:
   labeler:
     name: "Labeler"
     runs-on: ubuntu-latest
     timeout-minutes: 5
 
+    permissions:
+      pull-requests: write
+      issues: write
+
     steps:
       - name: "Checkout Configs"
         uses: actions/checkout@v5
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 3f8b40f..575127e 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -10,22 +10,24 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions:
-  pull-requests: write
-
 jobs:
   lint:
     name: "Lint"
     runs-on: ubuntu-latest
     timeout-minutes: 5
 
+    permissions:
+      pull-requests: write
+
     steps:
       - name: "Checkout"
         uses: actions/checkout@v5
 
-      #- name: "Debug event.json"
-      #  run: |
-      #    cat "${GITHUB_EVENT_PATH}"
+      #- name: "Debug CTX github"
+      #  continue-on-error: true
+      #  env:
+      #    GITHUB_CTX: ${{ toJSON(github) }}
+      #  run: echo "$GITHUB_CTX"
 
       - name: "ShellCheck"
         if: ${{ !cancelled() }}
@@ -43,13 +45,6 @@ jobs:
           echo "::endgroup::"
           npx prettier --check .
 
-      - name: "Hadolint"
-        if: ${{ !cancelled() }}
-        uses: hadolint/hadolint-action@v3.1.0
-        with:
-          dockerfile: Dockerfile
-          ignore: DL3018
-
       - name: "Yamllint"
         if: ${{ !cancelled() }}
         env:
@@ -76,6 +71,13 @@ jobs:
           echo "::endgroup::"
           "${RUNNER_TEMP}/actionlint" -color -verbose -shellcheck= -pyflakes=
 
+      - name: "Hadolint"
+        if: ${{ !cancelled() }}
+        uses: hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: Dockerfile
+          ignore: DL3018
+
       #- name: "Vale"
       #  if: ${{ !cancelled() }}
       #  uses: errata-ai/vale-action@v2.1.1
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index ffe6311..e4c13b4 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -9,6 +9,7 @@ jobs:
     name: "Release"
     runs-on: ubuntu-latest
     timeout-minutes: 5
+
     permissions:
       contents: write
 
diff --git a/.github/workflows/tags.yaml b/.github/workflows/tags.yaml
index 9539e5e..38b5c74 100644
--- a/.github/workflows/tags.yaml
+++ b/.github/workflows/tags.yaml
@@ -12,6 +12,7 @@ jobs:
     name: "Tags"
     runs-on: ubuntu-latest
     timeout-minutes: 5
+
     permissions:
       contents: write
 
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 4394d84..8f725b1 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -33,9 +33,11 @@ jobs:
       - name: "Checkout"
         uses: actions/checkout@v5
 
-      #- name: "Debug event.json"
-      #  run: |
-      #    cat "${GITHUB_EVENT_PATH}"
+      #- name: "Debug CTX github"
+      #  continue-on-error: true
+      #  env:
+      #    GITHUB_CTX: ${{ toJSON(github) }}
+      #  run: echo "$GITHUB_CTX"
 
       - name: "1: Write YAML"
         if: ${{ !cancelled() }}