From c9d62aea52c7debf9903e59a65850b3eb5dad7f9 Mon Sep 17 00:00:00 2001
From: Matthew Watkins <mwatkins@linuxfoundation.org>
Date: Wed, 20 Nov 2024 18:44:04 +0000
Subject: [PATCH] Fix: Re-instate id-token write for PyPI publish

Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
---
 .github/workflows/primary.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/primary.yaml b/.github/workflows/primary.yaml
index d733015..57383c7 100644
--- a/.github/workflows/primary.yaml
+++ b/.github/workflows/primary.yaml
@@ -178,6 +178,8 @@ jobs:
       one_password_item: "op://hdiyadcjno2knqgvcy4wj5ulya/tm2ffuusrynfivtcsnamginhm4/password"
     permissions:
       contents: read
+      # Needed for trusted publishing
+      id-token: write
     secrets:
       OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.ONE_PASSWORD_PRODUCTION }}
       PYPI_CREDENTIAL: ${{ secrets.PYPI_DEVELOPMENT }}
@@ -199,6 +201,8 @@ jobs:
       one_password_item: "op://hdiyadcjno2knqgvcy4wj5ulya/vds5rebqxeqfrjqwpszxxicmzq/password"
     permissions:
       contents: read
+      # Needed for trusted publishing
+      id-token: write
     secrets:
       OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.ONE_PASSWORD_PRODUCTION }}
       PYPI_CREDENTIAL: ${{ secrets.PYPI_PRODUCTION }}