From 07dc1775a100ffa03f6aa09af9689322c12c6a8a Mon Sep 17 00:00:00 2001
From: Anuraag Agrawal <anuraaga@gmail.com>
Date: Thu, 27 Jun 2024 13:53:02 +0900
Subject: [PATCH] Specify GHA permissions explicitly

---
 .github/workflows/release.yaml | 5 +++++
 .github/workflows/update.yaml  | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e31aead..91ca40d 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -5,6 +5,11 @@ on:
     tags:
       - v*
 
+permissions:
+  id-token: write
+  attestations: write
+  contents: write
+
 jobs:
   release:
     uses: wasilibs/actions/.github/workflows/release.yaml@eeee5d072ee283c12eb68e2c4969012fae3d6dd0
diff --git a/.github/workflows/update.yaml b/.github/workflows/update.yaml
index b1401f1..d8cd500 100644
--- a/.github/workflows/update.yaml
+++ b/.github/workflows/update.yaml
@@ -5,6 +5,10 @@ on:
     - cron: "5 4 * * *"
   workflow_dispatch:
 
+permissions:
+  id-token: write
+  attestations: write
+
 jobs:
   build:
     uses: wasilibs/actions/.github/workflows/update-node.yaml@eeee5d072ee283c12eb68e2c4969012fae3d6dd0