From 8ddfcacd797c3fc43ea3aa31f8a4860b847088dd Mon Sep 17 00:00:00 2001
From: Sambhav Kothari <sambhavs.email@gmail.com>
Date: Wed, 19 Jan 2022 11:39:51 +0000
Subject: [PATCH] Fix permissions for image publish workflows (#3021)

All of the jobs in this workflow use the same set of permissions and this workflow is only run on pushes to master. Adding the appropriate permissions to read repository contents, publish packages and ID token for cosign.

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
---
 .github/workflows/image.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
index 13f158395f..259bc1093a 100644
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -4,7 +4,10 @@ on:
     branches:
       - 'main'
 
-permissions: read-all
+permissions:
+  contents: read
+  packages: write
+  id-token: write 
 
 jobs:
   push-init-kyverno: