From 0b2685979b8c52e095b0c3477565587a980f46e1 Mon Sep 17 00:00:00 2001
From: Mathieu Garcia
Date: Fri, 3 Oct 2025 09:00:13 +0200
Subject: [PATCH] ci(docker-publish): add write permissions for contents, packages, id-token
---
 .github/workflows/docker-publish.yml | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index ed566d88..ced1a7c2 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -1,10 +1,5 @@
 name: Docker
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
 on:
 push:
 branches: [ "main" ]
@@ -14,12 +9,14 @@ on:
 branches: [ "main" ]
 env:
- # Use docker.io for Docker Hub if empty
 REGISTRY: ghcr.io
- # github.repository as /
 IMAGE_NAME_UI: ${{ github.repository }}-ui
 IMAGE_NAME_ANSIBLE: ${{ github.repository }}-ansible
+permissions:
+ contents: write
+ packages: write
+ id-token: write
 jobs:
 build-ui:
@@ -137,6 +134,10 @@ jobs:
 release:
 needs: [build-ui, build-ansible]
 runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ packages: write
+ id-token: write
 if: github.ref == 'refs/heads/main'
 steps:
 - name: Set version (SemVer) for release
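Review bot: The workflow-level `permissions:` block added before `jobs:` in the second hunk grants `contents: write`, `packages: write` and `id-token: write` to every job in the workflow, not only to `release`, and the `on:` context lines suggest the workflow has a second trigger besides `push` to `main`. Because the third hunk gives `release` its own job-level block, which takes precedence for that job, the top-level block could be reduced to `contents: read`, with `packages: write` added only to `build-ui` and `build-ansible` if they push to `ghcr.io`. `id-token: write` is needed only by a job that requests an OIDC token (keyless image signing, for example), so it is worth confirming that `release` uses it and dropping it otherwise. The build job bodies and the rest of `release` lie outside the hunks, so the scopes each job actually needs are inferred rather than read from the diff.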