From fd08258f5b5ab4e9e23533e48e724ce69f826c68 Mon Sep 17 00:00:00 2001
From: Marcus Messer <marcus@marcusm.co.uk>
Date: Thu, 7 May 2026 09:40:51 +0100
Subject: [PATCH 1/2] Added permissions

---
 .github/workflows/production-deploy.yml | 4 ++++
 .github/workflows/staging-deploy.yml    | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/.github/workflows/production-deploy.yml b/.github/workflows/production-deploy.yml
index 901c8d9..6c3a2ed 100644
--- a/.github/workflows/production-deploy.yml
+++ b/.github/workflows/production-deploy.yml
@@ -34,7 +34,11 @@ on:
         default: '5'
 jobs:
   deploy:
+    permissions:
+      packages: write
+      id-token: write
     uses: lambda-feedback/evaluation-function-workflows/.github/workflows/deploy.yml@main
+
     with:
       template-repository-name: 'lambda-feedback/evaluation-function-boilerplate-python'
       environment: "production"
diff --git a/.github/workflows/staging-deploy.yml b/.github/workflows/staging-deploy.yml
index c693871..7b62b3f 100644
--- a/.github/workflows/staging-deploy.yml
+++ b/.github/workflows/staging-deploy.yml
@@ -6,6 +6,8 @@ on:
       - main
   workflow_dispatch:
 
+
+
 jobs:
   test:
     name: Test
@@ -52,6 +54,9 @@ jobs:
           if-no-files-found: warn
   deploy:
     needs: test
+    permissions:
+      packages: write
+      id-token: write
     uses: lambda-feedback/evaluation-function-workflows/.github/workflows/deploy.yml@main
     with:
       template-repository-name: "lambda-feedback/evaluation-function-boilerplate-python"

From eb05375b884d83e14ae2c590e6a80fc5c9fc8f50 Mon Sep 17 00:00:00 2001
From: Marcus Messer <marcus@marcusm.co.uk>
Date: Thu, 7 May 2026 09:51:14 +0100
Subject: [PATCH 2/2] Added permissions for contents

---
 .github/workflows/production-deploy.yml | 1 +
 .github/workflows/staging-deploy.yml    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.github/workflows/production-deploy.yml b/.github/workflows/production-deploy.yml
index 6c3a2ed..87b0ac7 100644
--- a/.github/workflows/production-deploy.yml
+++ b/.github/workflows/production-deploy.yml
@@ -35,6 +35,7 @@ on:
 jobs:
   deploy:
     permissions:
+      contents: write
       packages: write
       id-token: write
     uses: lambda-feedback/evaluation-function-workflows/.github/workflows/deploy.yml@main
diff --git a/.github/workflows/staging-deploy.yml b/.github/workflows/staging-deploy.yml
index 7b62b3f..c4b74e7 100644
--- a/.github/workflows/staging-deploy.yml
+++ b/.github/workflows/staging-deploy.yml
@@ -55,6 +55,7 @@ jobs:
   deploy:
     needs: test
     permissions:
+      contents: write
       packages: write
       id-token: write
     uses: lambda-feedback/evaluation-function-workflows/.github/workflows/deploy.yml@main