From f3b6ae30157ffcf5d99bc1316e95a12653556674 Mon Sep 17 00:00:00 2001
From: Lukasz Dziedziak <lukidzi@gmail.com>
Date: Mon, 13 Jan 2025 16:52:29 +0100
Subject: [PATCH] chore(images): add permissions for build-images (#12530)

## Motivation

Backport of https://github.com/kumahq/kuma/pull/12512

Signed-off-by: Lukasz Dziedziak <lukidzi@gmail.com>
---
 .github/workflows/_build_publish.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/_build_publish.yaml b/.github/workflows/_build_publish.yaml
index 0dbf23a7b840..7da342c8bd1b 100644
--- a/.github/workflows/_build_publish.yaml
+++ b/.github/workflows/_build_publish.yaml
@@ -88,6 +88,9 @@ jobs:
           make publish/pulp
   build-images:
     runs-on: ubuntu-22.04 # pining to this version until https://github.com/actions/runner-images/issues/10636#issuecomment-2397720931 has a better solution
+    permissions:
+      id-token: write # Required for image signing
+      contents: read
     timeout-minutes: 30
     strategy:
       fail-fast: false