From ff8e5aa6121f73a2666d7ba483a5db22af92b89f Mon Sep 17 00:00:00 2001
From: Chris Markiewicz <effigies@gmail.com>
Date: Fri, 24 May 2024 23:17:22 -0400
Subject: [PATCH] chore(ci): Add attestation and id-token permissions

---
 .github/workflows/build-test-deploy.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/build-test-deploy.yml b/.github/workflows/build-test-deploy.yml
index 57afdad..1dea6d1 100644
--- a/.github/workflows/build-test-deploy.yml
+++ b/.github/workflows/build-test-deploy.yml
@@ -31,6 +31,8 @@ jobs:
   build-package:
     name: Build & verify package
     runs-on: ubuntu-latest
+    permissions:
+      attestations: write
     steps:
       - uses: actions/checkout@v4
         with:
@@ -109,6 +111,9 @@ jobs:
     if: github.event.action == 'published'
     runs-on: ubuntu-latest
     needs: [build-package, test]
+    permissions:
+      id-token: write
+      attestations: write
 
     steps:
       - name: Download packages built by build-and-inspect-python-package