From b003eef65e7c1c86f5eb5aba1dcf3c20ca7a212b Mon Sep 17 00:00:00 2001
From: Alex Zenla <alex@edera.dev>
Date: Thu, 18 Jul 2024 14:42:22 -0700
Subject: [PATCH] fix(workflows): give id-token write permission to nightly and
 release-assets oci

---
 .github/workflows/nightly.yml        | 2 ++
 .github/workflows/release-assets.yml | 3 ++-
 nightly                              | 0
 3 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 nightly

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index f465bee..46637d3 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -126,6 +126,8 @@ jobs:
         - krata-guest-init
     name: nightly oci build ${{ matrix.component }}
     permissions:
+      contents: read
+      id-token: write
       packages: write
     steps:
     - name: harden runner
diff --git a/.github/workflows/release-assets.yml b/.github/workflows/release-assets.yml
index 9dc3334..3fbcb9c 100644
--- a/.github/workflows/release-assets.yml
+++ b/.github/workflows/release-assets.yml
@@ -123,7 +123,8 @@ jobs:
         - krata-guest-init
     name: release-assets oci ${{ matrix.component }}
     permissions:
-      contents: write
+      contents: read
+      id-token: write
       packages: write
     steps:
     - name: harden runner
diff --git a/nightly b/nightly
new file mode 100644
index 0000000..e69de29