From 646e7d1ccb37ecc39ad680da31292c109651be47 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 23 Sep 2025 16:15:13 +0200
Subject: [PATCH] build-docker-images-tags: Grant enough permissions to sign
 images

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
---
 .github/workflows/build-docker-images-tags.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/build-docker-images-tags.yml b/.github/workflows/build-docker-images-tags.yml
index 07074bd574..c8e46e5e89 100644
--- a/.github/workflows/build-docker-images-tags.yml
+++ b/.github/workflows/build-docker-images-tags.yml
@@ -11,6 +11,9 @@ on:
 permissions:
   actions: read
   contents: read
+  # This is used to complete the identity challenge
+  # with sigstore/fulcio when running outside of PRs.
+  id-token: write
 
 jobs:
   prepare:
-- 
2.47.3