From 6f37eed91bf5d671b21a94a81ccb2188c8125aa0 Mon Sep 17 00:00:00 2001
From: Alex Rudenko <OrKoN@users.noreply.github.com>
Date: Mon, 19 Sep 2022 08:24:16 +0200
Subject: [PATCH] chore: add id-token permissions to scorecard-action (#8971)

See ossf/scorecard-action#900

Example failure with scorecard-action@2 https://github.com/puppeteer/puppeteer/actions/runs/3066712334/jobs/4952194627
---
 .github/workflows/scorecards-analysis.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 8191414d69d06..34a8e7ce795c8 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -20,6 +20,8 @@ jobs:
       security-events: write
       actions: read
       contents: read
+      # Needed to access OIDC token.
+      id-token: write
 
     steps:
       - name: 'Checkout code'