add id-token permission as its required by tailscale login

2026-03-13 06:07:04 +00:00 · 2026-03-02 15:50:39 +01:00
parent fc3941f3a8
commit 94583130b5
4 changed files with 5 additions and 1 deletions
--- a/.github/workflows/build-and-publish-docker.yaml
+++ b/.github/workflows/build-and-publish-docker.yaml
@@ -20,7 +20,8 @@ jobs:
    runs-on: ubuntu-latest
    permissions:
      contents: write # required to upload release asset
-      packages: write
+      packages: write # needed for publishing packages to GHCR
+      id-token: write # needed for login into tailscale with GitHub OIDC Token
    steps:
      - name: Check it out
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -49,6 +49,7 @@ jobs:
    permissions:
      contents: write
      packages: write
+      id-token: write
    uses: ./.github/workflows/build-and-publish-docker.yaml
    with:
      artifact_run_id: ${{ github.run_id }}
--- a/.github/workflows/pr-deploy.yaml
+++ b/.github/workflows/pr-deploy.yaml
@@ -60,6 +60,7 @@ jobs:
    permissions:
      contents: write
      packages: write
+      id-token: write
    uses: ./.github/workflows/build-and-publish-docker.yaml
    with:
      artifact_run_id: ${{ github.event.workflow_run.id || github.run_id }}
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -55,6 +55,7 @@ jobs:
    permissions:
      contents: write
      packages: write
+      id-token: write
    uses: ./.github/workflows/build-and-publish-docker.yaml
    with:
      artifact_run_id: ${{ github.event.workflow_run.id || github.run_id }}