From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Mon, 3 Jul 2023 13:28:21 +0000 (+0200)
Subject: builder-dispatch: Explicitly grant id-token: write to the build package workflow
X-Git-Tag: rec-5.0.0-alpha1~129^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F12979%2Fhead;p=thirdparty%2Fpdns.git

builder-dispatch: Explicitly grant id-token: write to the build package workflow
---

diff --git a/.github/workflows/builder-dispatch.yml b/.github/workflows/builder-dispatch.yml
index 456af0af24..30cab32c47 100644
--- a/.github/workflows/builder-dispatch.yml
+++ b/.github/workflows/builder-dispatch.yml
@@ -35,6 +35,11 @@ on:
         - 'NO'
         - 'YES'
 
+permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+  actions: read
+  contents: write # To be able to upload assets as release artifacts
+  id-token: write # To sign the provenance in the build packages reusable workflow.
+
 jobs:
   call-build-packages:
     uses: PowerDNS/pdns/.github/workflows/build-packages.yml@master