From bb7ee6b07b7c1244a8aa4a8a05966576856246d3 Mon Sep 17 00:00:00 2001
From: Chris Gianelloni <wolf31o2@blinklabs.io>
Date: Wed, 11 Dec 2024 09:57:37 -0500
Subject: [PATCH] ci: include more explicit permissions, not fewer (#316)

Signed-off-by: Chris Gianelloni <wolf31o2@blinklabs.io>
---
 .github/workflows/publish.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 50531aa..8a02b04 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -46,7 +46,13 @@ jobs:
     runs-on: ubuntu-latest
     needs: [create-draft-release]
     permissions:
+      actions: write
+      attestations: write
+      checks: write
+      contents: write
       id-token: write
+      packages: write
+      statuses: write
     steps:
       - run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV"
       - uses: actions/checkout@v4
@@ -79,7 +85,13 @@ jobs:
     runs-on: ubuntu-latest
     needs: [create-draft-release]
     permissions:
+      actions: write
+      attestations: write
+      checks: write
+      contents: write
       id-token: write
+      packages: write
+      statuses: write
     steps:
       - run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV"
       - uses: actions/checkout@v4