From 3827ccff23f2562f27b71d7ad87e1ec8facfa4bd Mon Sep 17 00:00:00 2001
From: Kenneth <kenneth@nym.sh>
Date: Sat, 14 Mar 2026 01:23:37 +0000
Subject: [PATCH] Add top-level OIDC permissions to publish workflow (#7)

Co-authored-by: Ona <no-reply@ona.com>
---
 .github/workflows/publish.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 7e58d19..240e662 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -4,6 +4,10 @@ on:
   release:
     types: [published]
 
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
 jobs:
   publish:
     runs-on: ubuntu-latest