From 36af4223ca411eede4a60066e96f2453fc8fe668 Mon Sep 17 00:00:00 2001
From: Dan Pock <self@danpock.me>
Date: Fri, 8 Nov 2024 11:38:47 -0500
Subject: [PATCH] Add write to packages/attestations for ghcr.io packages

---
 .github/workflows/head-build.yml      | 2 ++
 .github/workflows/release-publish.yml | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/.github/workflows/head-build.yml b/.github/workflows/head-build.yml
index 8973828..d599bff 100644
--- a/.github/workflows/head-build.yml
+++ b/.github/workflows/head-build.yml
@@ -39,6 +39,8 @@ jobs:
       # - Read vault secrets in rancher-eio/read-vault-secrets.
       # - Publish image to ghcr.io
       id-token: write
+      packages: write
+      attestations: write
 
     runs-on: ubuntu-latest
     needs:
diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml
index f276176..0e84fe9 100644
--- a/.github/workflows/release-publish.yml
+++ b/.github/workflows/release-publish.yml
@@ -27,6 +27,8 @@ jobs:
       # - OIDC for cosign's use in ecm-distro-tools/publish-image.
       # - Read vault secrets in rancher-eio/read-vault-secrets.
       id-token: write
+      packages: write
+      attestations: write
 
     runs-on: ubuntu-latest