From b51dcce258df2544b92836fa69d1053ee8b179ca Mon Sep 17 00:00:00 2001
From: Robert Waffen <rw@betadots.de>
Date: Fri, 19 Jul 2024 12:45:32 +0200
Subject: [PATCH] set permissions

Signed-off-by: Robert Waffen <rw@betadots.de>
---
 .github/workflows/main.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 8fc0a8a..14a1231 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -11,6 +11,8 @@ jobs:
     permissions:
       contents: read
       packages: write
+      id-token: write
+      attestations: write
     steps:
       - name: cut v from tag
         env:
@@ -22,6 +24,7 @@ jobs:
         uses: rwaffen/gha-build-and-publish-a-container@attest
         with:
           registry_password: ${{ secrets.GITHUB_TOKEN }}
+          attest: 'true'
           tags: |
             ghcr.io/${{ github.repository }}:${{ steps.split.outputs.tag }}
             ghcr.io/${{ github.repository }}:latest