diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 6e6fbf4..297e2e8 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,5 +1,4 @@
 ---
-
 name: CI Pipeline
 
 on:
@@ -14,9 +13,7 @@ permissions:
   contents: read
   pull-requests: write
 
-
 jobs:
-
   lint:
     runs-on: ubuntu-latest
     steps:
@@ -29,7 +26,7 @@ jobs:
 
       - name: Install Dependencies
         run: |
-            uv sync --dev
+          uv sync --dev
       - name: Run Ruff
         run: uv run ruff check --output-format=github .
   test:
@@ -38,7 +35,7 @@ jobs:
     needs: lint
     strategy:
       matrix:
-        python-version: ['3.10', '3.11', '3.12']
+        python-version: ["3.10", "3.11", "3.12"]
     steps:
       - uses: actions/checkout@v4
 
@@ -68,6 +65,8 @@ jobs:
     name: Build and Publish to PyPI
     runs-on: ubuntu-latest
     needs: test
+    permissions:
+      id-token: write
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     steps:
       - uses: actions/checkout@v4
@@ -81,7 +80,7 @@ jobs:
       - name: Set up Python 3.12
         uses: actions/setup-python@v5
         with:
-          python-version: '3.12'
+          python-version: "3.12"
 
       - name: Bump Version, Build, Publish
         run: uvx --from rust-just just publish-package