From ddb8877c4a8c3c3353210f24fa9beed7e4dad77c Mon Sep 17 00:00:00 2001
From: Matt Travi <developer@travi.org>
Date: Thu, 4 Jan 2024 11:02:55 -0600
Subject: [PATCH] ci(permissions): defined appropriate permissions for
 publishing

Co-authored-by: Julie Van Kirk <VanKirkJulieA@JohnDeere.com>
Co-authored-by: Douglas Johnson <JohnsonDouglas@JohnDeere.com>
---
 .github/workflows/release.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a679f02a5f..601b321512 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,8 +4,15 @@ name: Release
     branches:
       - master
       - beta
+permissions:
+  contents: read # for checkout
 jobs:
   release:
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
     name: release
     runs-on: ubuntu-latest
     steps: