From cf5f58f2de1b583c520e93ebaeebd275cc24c897 Mon Sep 17 00:00:00 2001
From: Starttoaster
Date: Tue, 9 Apr 2024 13:40:45 -0700
Subject: [PATCH] Switch to github actor permissions in docker publish workflows
---
 .github/workflows/dev-release.yml | 7 ++++++-
 .github/workflows/latest-release.yml | 7 ++++++-
 .github/workflows/main-release.yml | 7 ++++++-
 3 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/dev-release.yml b/.github/workflows/dev-release.yml
index 17d0709..e86f9c3 100644
--- a/.github/workflows/dev-release.yml
+++ b/.github/workflows/dev-release.yml
@@ -7,6 +7,11 @@ on:
 description: "The SHA from chia-blockchain to use when building the image"
 required: true
+permissions:
+ id-token: write
+ contents: read
+ packages: write
+
 concurrency:
 group: ${{ github.event.inputs.sha }}
 cancel-in-progress: true
@@ -29,7 +34,7 @@ jobs:
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
- password: ${{ secrets.PACKAGE_ADMIN_PAT }}
+ password: ${{ github.token }}
 - name: Docker meta
 id: meta
diff --git a/.github/workflows/latest-release.yml b/.github/workflows/latest-release.yml
index f7e5a26..0f6387a 100644
--- a/.github/workflows/latest-release.yml
+++ b/.github/workflows/latest-release.yml
@@ -6,6 +6,11 @@ on:
 - main
 workflow_dispatch:
+permissions:
+ id-token: write
+ contents: read
+ packages: write
+
 concurrency:
 group: "latest"
@@ -27,7 +32,7 @@ jobs:
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
- password: ${{ secrets.PACKAGE_ADMIN_PAT }}
+ password: ${{ github.token }}
 - name: Login to DockerHub
 uses: docker/login-action@v2
diff --git a/.github/workflows/main-release.yml b/.github/workflows/main-release.yml
index 5baae77..ce56550 100644
--- a/.github/workflows/main-release.yml
+++ b/.github/workflows/main-release.yml
@@ -6,6 +6,11 @@ on:
 - main
 workflow_dispatch:
+permissions:
+ id-token: write
+ contents: read
+ packages: write
+
 concurrency:
 group: "main"
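Review bot: `id-token: write` in the new workflow-level `permissions:` block of dev-release.yml is not used by anything visible in this patch; the ghcr.io login the commit switches to needs only `packages: write`, and `contents: read` covers checkout. That scope lets any step in any job request an OIDC token for the repository, so unless a step outside these hunks (cloud login, image signing or attestation) depends on it, the line should be dropped, leaving `contents: read` and `packages: write`. The same block is added to latest-release.yml and main-release.yml. Because the block sits at workflow level it applies to every job, so moving it under the job that pushes the image would narrow it further.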
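Review bot: The ghcr.io login in the second hunk of dev-release.yml now depends on the job token, and nothing in the workflow records the precondition for that to work: a package accepts pushes from `${{ github.token }}` only when it is linked to this repository or the repository has been given write access in the package's Actions access settings. A short comment above the login step would document this, for example `# GITHUB_TOKEN push: the package must grant this repo write access (package settings > Manage Actions access)`. The same applies to the login hunks in latest-release.yml and main-release.yml. Once all three workflows are confirmed working, the `PACKAGE_ADMIN_PAT` secret should be deleted and the underlying token revoked so the broader credential does not linger. The step's `with:` block starts outside the hunk.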
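Review bot: `uses: docker/login-action@v2`, visible as context in the second hunk of latest-release.yml, is a movable tag on an action that handles registry credentials, and with this commit the job token it can reach carries `packages: write` and `id-token: write`. Pinning the action to a full commit SHA, `uses: docker/login-action@<full-commit-sha> # v2`, keeps a retagged release from running with those scopes. The same DockerHub login step appears in the second main-release.yml hunk. The ghcr.io login steps start above the hunks, so their `uses:` lines are not visible here and should be checked the same way.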
@@ -27,7 +32,7 @@ jobs:
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
- password: ${{ secrets.PACKAGE_ADMIN_PAT }}
+ password: ${{ github.token }}
 - name: Login to DockerHub
 uses: docker/login-action@v2