From 00f880108e29e629b0c4aae835b06fd55f96eb19 Mon Sep 17 00:00:00 2001
From: fkwp <fkwp@users.noreply.github.com>
Date: Mon, 2 Mar 2026 17:03:01 +0100
Subject: [PATCH] fix: add id-token permission as its required by tailscale
 login (part 2) (#3770)

* Push docker images to oci.element.io

* prettier

* add id-token permission as its required by tailscale login
---
 .github/workflows/build.yaml     | 1 +
 .github/workflows/pr-deploy.yaml | 1 +
 .github/workflows/publish.yaml   | 1 +
 3 files changed, 3 insertions(+)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 9b86215e..4f9e80f2 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -49,6 +49,7 @@ jobs:
     permissions:
       contents: write
       packages: write
+      id-token: write
     uses: ./.github/workflows/build-and-publish-docker.yaml
     with:
       artifact_run_id: ${{ github.run_id }}
diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml
index fe934162..62b37aca 100644
--- a/.github/workflows/pr-deploy.yaml
+++ b/.github/workflows/pr-deploy.yaml
@@ -60,6 +60,7 @@ jobs:
     permissions:
       contents: write
       packages: write
+      id-token: write
     uses: ./.github/workflows/build-and-publish-docker.yaml
     with:
       artifact_run_id: ${{ github.event.workflow_run.id || github.run_id }}
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 7f2c58fe..ade91019 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -55,6 +55,7 @@ jobs:
     permissions:
       contents: write
       packages: write
+      id-token: write
     uses: ./.github/workflows/build-and-publish-docker.yaml
     with:
       artifact_run_id: ${{ github.event.workflow_run.id || github.run_id }}