From 5d495c2b93892a1de1c214beb5fb15de99cf03c9 Mon Sep 17 00:00:00 2001
From: eecavanna <134325062+eecavanna@users.noreply.github.com>
Date: Thu, 12 Jun 2025 12:38:39 -0700
Subject: [PATCH] Configure permissions related to pushing to GHCR

---
 .github/workflows/build-and-push-image.yaml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build-and-push-image.yaml b/.github/workflows/build-and-push-image.yaml
index 90af5c7..64a3199 100644
--- a/.github/workflows/build-and-push-image.yaml
+++ b/.github/workflows/build-and-push-image.yaml
@@ -21,6 +21,15 @@ jobs:
   build-and-push-image:
     name: Build and push container image
     runs-on: ubuntu-latest
+
+    # Make it so this GitHub Actions workflow can push container images to GHCR.
+    # Docs: https://docs.github.com/en/actions/use-cases-and-examples/publishing-packages/publishing-docker-images#publishing-images-to-github-packages
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+    
     steps:
     - name: Check out commit  # docs: https://github.com/actions/checkout
       uses: actions/checkout@v4
@@ -71,4 +80,4 @@ jobs:
         target: production
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
-        push: true
\ No newline at end of file
+        push: true