From 44631089c3d36dae9554e7ce02e473f10ab6a473 Mon Sep 17 00:00:00 2001
From: Julien Poissonnier <julien@caffeine.lu>
Date: Thu, 5 Sep 2024 10:20:54 +0200
Subject: [PATCH] Add id-token permissions to release jobs

We need this to auth with GCP

Follow up to https://github.com/pulumi/pulumi-docker-containers/pull/263
---
 .github/workflows/release.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b8ad419a..bfd85415 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -62,6 +62,8 @@ jobs:
       matrix:
         go-version: [1.21.x]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - uses: actions/checkout@master
       - name: Free Disk Space (Ubuntu)
@@ -154,6 +156,8 @@ jobs:
       matrix:
         go-version: [1.21.1]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - uses: actions/checkout@master
       - name: Free Disk Space (Ubuntu)
@@ -330,6 +334,8 @@ jobs:
     name: Debian SDK images
     needs: define-matrix
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     strategy:
       fail-fast: false
       matrix: ${{ fromJSON(needs.define-matrix.outputs.matrix) }}
@@ -517,6 +523,8 @@ jobs:
   ubi-sdk:
     name: UBI SDK images
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     strategy:
       fail-fast: false
       matrix: