From 8c4888c19d4997d7e443c6ad4953e716ee5429b0 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Fri, 22 Mar 2024 08:33:44 -0400
Subject: [PATCH] Allow build-tags to run on forks

build-tags uses: PowerDNS/pdns/.github/workflows/build-packages.yml@master
As of f107ec62467b8779db9bbdb175721ef232ed52e5, that workflow requires:

    permissions:
      actions: read   # To read the workflow path.
      id-token: write # To sign the provenance.
      contents: write # To be able to upload assets as release artifacts

Per https://docs.github.com/en/actions/using-workflows/reusing-workflows
in order for this to work, the calling job (in build-tags) needs to
have the maximum required permissions in order for the calling workflow
to be run.
---
 .github/workflows/build-tags.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/build-tags.yml b/.github/workflows/build-tags.yml
index 6431ec9d5ff9..cccb4d5cadf1 100644
--- a/.github/workflows/build-tags.yml
+++ b/.github/workflows/build-tags.yml
@@ -8,6 +8,11 @@ on:
     - 'dnsdist-*'
     - 'rec-*'
 
+permissions:
+  actions: read
+  id-token: write
+  contents: write
+
 jobs:
   call-build-packages-auth:
     uses: PowerDNS/pdns/.github/workflows/build-packages.yml@master