From d960090e555b7f52b97c33dcdfdb53c269a06155 Mon Sep 17 00:00:00 2001
From: Matthew Feickert <matthew.feickert@cern.ch>
Date: Thu, 23 May 2024 17:29:09 -0500
Subject: [PATCH] ci: Update permissions for GitHub attestations

* Remove explicit content read permissions as not formally required.
   - c.f. https://github.com/actions/attest-build-provenance/tree/v1.1.2?tab=readme-ov-file#usage
---
 .github/workflows/publish-package.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml
index eeb8131afa..bea7e22c7e 100644
--- a/.github/workflows/publish-package.yml
+++ b/.github/workflows/publish-package.yml
@@ -32,7 +32,6 @@ jobs:
     permissions:
       id-token: write
       attestations: write
-      contents: read
 
     steps:
     - uses: actions/checkout@v4