From bd101af0ac934eb465b26471503a89c7bc9d9d01 Mon Sep 17 00:00:00 2001
From: Espen Hovlandsdal <espen@hovlandsdal.com>
Date: Sat, 7 Dec 2024 11:07:05 -0800
Subject: [PATCH] ci: adjust permissions for releases

---
 .github/workflows/release.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b0161d3..2bdfc4b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -48,7 +48,8 @@ jobs:
   release:
     name: 'Release: Publish to NPM'
     permissions:
-      contents: read # for checkout
+      issues: write # for release notes, comments…
+      contents: write # for checkout + push + release creation
       id-token: write # to enable use of OIDC for npm provenanc
     if: always() && github.event.inputs.release == 'true' && github.event.inputs.dryrun == 'false'
     runs-on: ubuntu-latest