From 4fa59cdd6d232f896472c81724ca6e9d4ea43330 Mon Sep 17 00:00:00 2001
From: Arthur Meyre <arthur.meyre@zama.ai>
Date: Tue, 18 Feb 2025 16:15:04 +0100
Subject: [PATCH] chore(ci): fix web packages publish with provenance

- re-enabled required permissions, notably write id-token
---
 .github/workflows/make_release.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/make_release.yml b/.github/workflows/make_release.yml
index 9ac0a737cf..8b5c171634 100644
--- a/.github/workflows/make_release.yml
+++ b/.github/workflows/make_release.yml
@@ -78,6 +78,10 @@ jobs:
     name: Publish Release
     needs: [package] # for comparing hashes
     runs-on: ubuntu-latest
+    # For provenance of npmjs publish
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2