From 42c97ee657a2c9e15fa45da5b71752a3594d9321 Mon Sep 17 00:00:00 2001
From: Loris Leiva <loris.leiva@gmail.com>
Date: Wed, 17 Jun 2026 09:58:58 +0100
Subject: [PATCH] Set explicit permissions on publish workflows

---
 .github/workflows/publish-js.yml   | 3 +++
 .github/workflows/publish-rust.yml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/publish-js.yml b/.github/workflows/publish-js.yml
index 5d066d2..63b7ed0 100644
--- a/.github/workflows/publish-js.yml
+++ b/.github/workflows/publish-js.yml
@@ -56,6 +56,9 @@ jobs:
   main:
     needs: set_env
     uses: solana-program/actions/.github/workflows/publish-js.yml@main
+    permissions:
+      contents: write
+      id-token: write
     with:
       sbpf-program-packages: "program"
       solana-cli-version: ${{ needs.set_env.outputs.SOLANA_CLI_VERSION }}
diff --git a/.github/workflows/publish-rust.yml b/.github/workflows/publish-rust.yml
index 8cb5085..136f1eb 100644
--- a/.github/workflows/publish-rust.yml
+++ b/.github/workflows/publish-rust.yml
@@ -64,6 +64,9 @@ jobs:
   main:
     needs: set_env
     uses: solana-program/actions/.github/workflows/publish-rust.yml@main
+    permissions:
+      contents: write
+      id-token: write
     with:
       sbpf-program-packages: "program"
       solana-cli-version: ${{ needs.set_env.outputs.SOLANA_CLI_VERSION }}