From 5765443f31cddb877fe54ce7b9db3464c3318c62 Mon Sep 17 00:00:00 2001
From: Matthew Scharley <matt@scharley.me>
Date: Sat, 21 Oct 2023 17:32:06 +1100
Subject: [PATCH] ci: add extra permissions for provenance

---
 .github/workflows/changesets.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/changesets.yml b/.github/workflows/changesets.yml
index 38d168d8..74c29321 100644
--- a/.github/workflows/changesets.yml
+++ b/.github/workflows/changesets.yml
@@ -10,6 +10,9 @@ concurrency: ${{ github.workflow }}-${{ github.ref }}
 jobs:
   release:
     uses: mscharley/.github/.github/workflows/changesets.yml@main
+    permissions:
+      contents: read
+      id-token: write
     secrets:
       token: ${{ secrets.DEPENDENCY_UPDATE_GITHUB_TOKEN }}
       npm-token: ${{ secrets.NPM_TOKEN }}