update permissions in workflow

Signed-off-by: sk593 <[email protected]>

.github/workflows/publish-bicep.yaml

@@ -27,6 +27,10 @@ on:
   workflow_dispatch:
     inputs: {}
 
+permissions:
+      id-token: write
+      contents: read
+
 env: 
   # bicep-types ACR url for uploading AWS Bicep types
   BICEP_TYPES_REGISTRY: 'biceptypes.azurecr.io'
@@ -82,21 +86,21 @@ jobs:
           path: ./artifacts/bicep
           if-no-files-found: error
       - name: 'Login via Azure CLI'
-        if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
+        # if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
         uses: azure/login@v2
         with:
           client-id: ${{ secrets.BICEPTYPES_CLIENT_ID }}
           tenant-id: ${{ secrets.BICEPTYPES_TENANT_ID }}
           subscription-id: ${{ secrets.BICEPTYPES_SUBSCRIPTION_ID }}
       - name: Setup and verify bicep CLI
-        if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
+        # if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
         run: |
           curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64
           chmod +x ./bicep
           sudo mv ./bicep /usr/local/bin/bicep
           bicep --version
       - name: Publish bicep types 
-        if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
+        # if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
         env: 
           VERSION: ${{ env.REL_CHANNEL == 'edge' && 'latest' || env.REL_CHANNEL }}
         run: |