From 7bcddb96b8721c1651bbfcb558729111bed01b26 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 23 Sep 2025 16:19:53 +0200
Subject: [PATCH] docker: Grant enough permissions to sign images

---
 .github/workflows/docker.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 133107b83e..4e37a27cf0 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -8,6 +8,9 @@ on:
 permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
   contents: read
   actions: read
+  # This is used to complete the identity challenge
+  # with sigstore/fulcio when running outside of PRs.
+  id-token: write
 
 jobs:
   call-build-image-auth:
-- 
2.47.3