ci: include more explicit permissions, not fewer (#316)

wolf31o2 · web-flow · commit bb7ee6b07b7c · 2024-12-11T09:57:37.000-05:00
Signed-off-by: Chris Gianelloni &lt;wolf31o2@blinklabs.io&gt;
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -46,7 +46,13 @@ jobs:
     runs-on: ubuntu-latest
     needs: [create-draft-release]
     permissions:
+      actions: write
+      attestations: write
+      checks: write
+      contents: write
       id-token: write
+      packages: write
+      statuses: write
     steps:
       - run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV"
       - uses: actions/checkout@v4
@@ -79,7 +85,13 @@ jobs:
     runs-on: ubuntu-latest
     needs: [create-draft-release]
     permissions:
+      actions: write
+      attestations: write
+      checks: write
+      contents: write
       id-token: write
+      packages: write
+      statuses: write
     steps:
       - run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV"
       - uses: actions/checkout@v4
