From 4d0db549040637499979da81712744ad7382d662 Mon Sep 17 00:00:00 2001 From: Loris Leiva Date: Wed, 17 Jun 2026 09:58:02 +0100 Subject: [PATCH] Set explicit permissions on publish workflows --- .github/workflows/publish-js.yml | 3 +++ .github/workflows/publish-rust.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/publish-js.yml b/.github/workflows/publish-js.yml index 427443d..0ef4154 100644 --- a/.github/workflows/publish-js.yml +++ b/.github/workflows/publish-js.yml @@ -56,6 +56,9 @@ jobs: main: needs: set_env uses: solana-program/actions/.github/workflows/publish-js.yml@main + permissions: + contents: write + id-token: write with: sbpf-program-packages: "program" solana-cli-version: ${{ needs.set_env.outputs.SOLANA_CLI_VERSION }} diff --git a/.github/workflows/publish-rust.yml b/.github/workflows/publish-rust.yml index de3e195..68085ff 100644 --- a/.github/workflows/publish-rust.yml +++ b/.github/workflows/publish-rust.yml @@ -64,6 +64,9 @@ jobs: main: needs: set_env uses: solana-program/actions/.github/workflows/publish-rust.yml@main + permissions: + contents: write + id-token: write with: sbpf-program-packages: "program" solana-cli-version: ${{ needs.set_env.outputs.SOLANA_CLI_VERSION }}