From d5e961e01b63a76b3d1effaf15eefd728dac7e96 Mon Sep 17 00:00:00 2001
From: Ru Chern Chong
Date: Mon, 16 Dec 2024 02:36:15 +0800
Subject: [PATCH] Grant permissions for workflow callers
---
 .github/workflows/sst.dev.yml | 5 +++++
 .github/workflows/sst.prod.yml | 4 ++++
 .github/workflows/sst.staging.yml | 4 ++++
 3 files changed, 13 insertions(+)
diff --git a/.github/workflows/sst.dev.yml b/.github/workflows/sst.dev.yml
index d8b8f87..16c103d 100644
--- a/.github/workflows/sst.dev.yml
+++ b/.github/workflows/sst.dev.yml
@@ -6,6 +6,11 @@ on:
 - 'main'
 - 'release/**'
+
+permissions:
+ id-token: write
+ contents: read
+
 jobs:
 dev:
 uses: ./.github/workflows/sst.deploy.yml
diff --git a/.github/workflows/sst.prod.yml b/.github/workflows/sst.prod.yml
index 332548c..926cf3f 100644
--- a/.github/workflows/sst.prod.yml
+++ b/.github/workflows/sst.prod.yml
@@ -6,6 +6,10 @@ on:
 - 'v[0-9]+.[0-9]+.[0-9]+'
 - 'v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+'
+permissions:
+ id-token: write
+ contents: read
+
 jobs:
 prod:
 uses: ./.github/workflows/sst.deploy.yml
diff --git a/.github/workflows/sst.staging.yml b/.github/workflows/sst.staging.yml
index 4fe61cf..ff91b6b 100644
--- a/.github/workflows/sst.staging.yml
+++ b/.github/workflows/sst.staging.yml
@@ -8,6 +8,10 @@ on:
 tags-ignore:
 - '*'
+permissions:
+ id-token: write
+ contents: read
+
 jobs:
 staging:
 uses: ./.github/workflows/sst.deploy.yml
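Review bot: The new `permissions:` block in sst.dev.yml sits at workflow level, so `id-token: write` is granted to every job in the file rather than only to the job that calls `./.github/workflows/sst.deploy.yml`; the hunks in sst.prod.yml and sst.staging.yml have the same shape. Each hunk shows only one job and the files continue outside them, but scoping the grant to the caller job keeps any job added later from being able to request an OIDC token: move the block under `dev:` (likewise `prod:` and `staging:`) as `permissions:` with `id-token: write` and `contents: read`. Because a called workflow can only narrow what its caller passes, sst.deploy.yml (not shown here) should also declare these minimal permissions on its own deploy job. Assuming the token is exchanged for a cloud role, that role's trust policy should pin the `sub` claim to the branch or tag refs expected for each environment, since these workflow permissions do not by themselves limit which ref can assume the production role.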