From 5f51af5bd27287a312f37a395cec53a676bfe261 Mon Sep 17 00:00:00 2001
From: Noah Santschi-Cooney
Date: Wed, 10 Dec 2025 15:33:51 +0000
Subject: [PATCH] fix: set id-token write permissions in calling workflow
---
 .github/workflows/release.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5558121..6a37bf8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,14 +15,13 @@ on:
 - minor
 - major
-permissions:
- contents: write
- pull-requests: write
-
 jobs:
 create-release:
 runs-on: ubuntu-latest
 name: Create release
+ permissions:
+ contents: write
+ pull-requests: write
 outputs:
 version: ${{ steps.bump.outputs.version }}
 steps:
@@ -116,6 +115,9 @@ jobs:
 trigger-publish:
 name: Trigger Publish pipeline
 needs: create-release
+ permissions:
+ contents: write
+ id-token: write
 uses: ./.github/workflows/publish.yml
 with:
 branch: "release/v${{ needs.create-release.outputs.version }}"
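Review bot: With the workflow-level `permissions:` block removed in the first hunk, any job that does not declare its own block falls back to the repository or organisation default for GITHUB_TOKEN, which may be read/write. Both jobs visible here declare their own scopes, but the lines between the two hunks are not shown, and a job added later would pick up that default silently. Keeping a deny-by-default `permissions: {}` at the top level, with the per-job grants this commit adds, would keep the least-privilege intent explicit.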
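Review bot: The `contents: write` granted to `trigger-publish` in the second hunk becomes the ceiling for every job in `./.github/workflows/publish.yml`, and nothing visible shows that publishing needs to push to the repository. If publish.yml only checks out the release branch and uploads artefacts, `contents: read` would be enough next to `id-token: write`; publish.yml is not shown, so confirm before narrowing. A called workflow can lower but not raise what the caller grants, so publish.yml should itself declare `id-token: write` only on the job that requests the OIDC token. A one-line comment above the new block, e.g. `# id-token: write is needed by publish.yml to request an OIDC token`, would record why this scope sits on the caller.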