From cfb34a752442d8a984f255dd6a1dd2bf6a6374a0 Mon Sep 17 00:00:00 2001
From: saisatishkarra
Date: Thu, 16 May 2024 09:02:31 -0700
Subject: [PATCH] fix(ci): permissions to publish npm provenance (#351)
---
 .github/workflows/build.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0d45ca5eb..7e9a7ff6a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -63,6 +63,11 @@ jobs:
 publish:
 runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ id-token: write # For using token to sign images
+ actions: read # For getting workflow run info to build provenance
+ packages: write # Required for publishing provenance. Issue: https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container#known-issues
 if: ${{ github.ref_type == 'tag' && github.repository_owner == 'Kong' }}
 steps:
 # checkout tag
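Review bot: The `permissions` block added to the `publish` job looks broader than npm provenance needs, and its comments describe the SLSA container builder ("sign images", the container known-issues link) rather than what this job does. For `npm publish --provenance` against the npm registry the job normally needs only `id-token: write` plus read access to the repository, so unless a step grants a reason for more, I would reduce the block to `contents: read` and `id-token: write # OIDC token used to sign the npm provenance statement`. `contents: write` carries no comment at all; if a later step creates a release or pushes a tag, say so next to it, and keep `packages: write` and `actions: read` only if a step actually publishes to GitHub Packages or reads workflow-run data. The job's steps continue outside this hunk, so which scopes are really used has to be confirmed there; every extra write scope here is available to any third-party action that runs in the job.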