From b47d8c1cdb5d30f8a564d6516238000d9fc4d234 Mon Sep 17 00:00:00 2001
From: Simon Thulbourn <sthulb@users.noreply.github.com>
Date: Tue, 11 Feb 2025 13:21:44 +0100
Subject: [PATCH 1/2] fix(ci): Add permissions to jobs

---
 .github/workflows/bootstrap_region.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/bootstrap_region.yml b/.github/workflows/bootstrap_region.yml
index a9d7db8bcd..9f9042cde9 100644
--- a/.github/workflows/bootstrap_region.yml
+++ b/.github/workflows/bootstrap_region.yml
@@ -38,6 +38,7 @@ jobs:
     name: Bootstrap Region
     runs-on: ubuntu-latest
     permissions:
+      contents: write
       id-token: write
     environment: layer-${{ inputs.environment }}
     steps:
@@ -74,6 +75,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: bootstrap
     permissions:
+      contents: write
       id-token: write
     environment: layer-${{ inputs.environment }}
     steps:

From 5ed92590028447143e606bc79505c998d5bb4bec Mon Sep 17 00:00:00 2001
From: Simon Thulbourn <sthulb@users.noreply.github.com>
Date: Tue, 11 Feb 2025 13:30:09 +0100
Subject: [PATCH 2/2] Update bootstrap_region.yml

---
 .github/workflows/bootstrap_region.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/bootstrap_region.yml b/.github/workflows/bootstrap_region.yml
index 9f9042cde9..4670db9b8e 100644
--- a/.github/workflows/bootstrap_region.yml
+++ b/.github/workflows/bootstrap_region.yml
@@ -38,7 +38,7 @@ jobs:
     name: Bootstrap Region
     runs-on: ubuntu-latest
     permissions:
-      contents: write
+      contents: read
       id-token: write
     environment: layer-${{ inputs.environment }}
     steps:
@@ -75,7 +75,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: bootstrap
     permissions:
-      contents: write
+      contents: read
       id-token: write
     environment: layer-${{ inputs.environment }}
     steps: