From ce806210bd09b57551497c408de8ef15d31341bb Mon Sep 17 00:00:00 2001
From: Hugh Nimmo-Smith <hughns@element.io>
Date: Wed, 19 Mar 2025 21:19:23 +0000
Subject: [PATCH] Fix npm publish permissions

---
 .github/workflows/publish-embedded-packages.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/publish-embedded-packages.yaml b/.github/workflows/publish-embedded-packages.yaml
index aee337a5..59f7eb48 100644
--- a/.github/workflows/publish-embedded-packages.yaml
+++ b/.github/workflows/publish-embedded-packages.yaml
@@ -67,6 +67,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
+      id-token: write # required for the provenance flag on npm publish
     steps:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4