From 6e4b578a30c81f37139d5b5ce9dc4e06b61c2e22 Mon Sep 17 00:00:00 2001
From: James Sturtevant <jsturtevant@gmail.com>
Date: Thu, 11 Dec 2025 17:27:37 -0800
Subject: [PATCH] fix: add id-token permission for cargo publish workflow

The cargo-publish job needs id-token: write permission to use trusted publishing with crates.io via OIDC authentication and since it is a re-usable workflow we need to give it permissions here

Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
---
 .github/workflows/CreateRelease.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/CreateRelease.yml b/.github/workflows/CreateRelease.yml
index d6ec48911..820e9cb67 100644
--- a/.github/workflows/CreateRelease.yml
+++ b/.github/workflows/CreateRelease.yml
@@ -85,6 +85,7 @@ jobs:
     secrets: inherit
     permissions:
       contents: read
+      id-token: write
 
   publish:
     # see https://github.com/orgs/community/discussions/26286#discussioncomment-3251208 for why we need to check the ref