chore: add idToken permissions for OIDC authentication (#125)

rix0rrr · mrgrain · web-flow · commit 9873ff2a55a9 · 2025-02-26T17:10:01.000Z
The release steps don't work without these permissions.

---
By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license

Co-authored-by: Momo Kornher &lt;kornherm@amazon.co.uk&gt;
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
diff --git a/projenrc/adc-publishing.ts b/projenrc/adc-publishing.ts
@@ -35,6 +35,7 @@ export class AdcPublishing extends Component {
       runsOn: ['ubuntu-latest'],
       permissions: {
         contents: JobPermission.WRITE,
+        idToken: JobPermission.WRITE,
       },
       if: '${{ needs.release.outputs.latest_commit == github.sha }}',
       steps: [
diff --git a/projenrc/record-publishing-timestamp.ts b/projenrc/record-publishing-timestamp.ts
@@ -25,6 +25,7 @@ export class RecordPublishingTimestamp extends Component {
       runsOn: ['ubuntu-latest'],
       permissions: {
         contents: JobPermission.WRITE,
+        idToken: JobPermission.WRITE,
       },
       if: '${{ needs.release.outputs.latest_commit == github.sha }}',
       steps: [
