From c23c2f63730700c9d80462b099cad9108511778a Mon Sep 17 00:00:00 2001
From: Anton Belodedenko <2033996+ab77@users.noreply.github.com>
Date: Thu, 28 Nov 2024 10:42:54 -0800
Subject: [PATCH 1/2] Tests require permissions: id-token: "write"

change-type: patch
---
 .github/workflows/flowzone.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/flowzone.yml b/.github/workflows/flowzone.yml
index b7025cc..0a5feed 100644
--- a/.github/workflows/flowzone.yml
+++ b/.github/workflows/flowzone.yml
@@ -8,6 +8,9 @@ on:
     types: [opened, synchronize, closed]
     branches: [main, master]
 
+permissions:
+  id-token: "write"  # AWS GitHub OIDC required: write (tests)
+
 jobs:
   flowzone:
     name: Flowzone

From 46fe2614c75f5b75c24dc70258bfc456b7357b26 Mon Sep 17 00:00:00 2001
From: Anton Belodedenko <2033996+ab77@users.noreply.github.com>
Date: Thu, 28 Nov 2024 10:43:56 -0800
Subject: [PATCH 2/2] tests require additional permissions

---
 .github/workflows/flowzone.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/flowzone.yml b/.github/workflows/flowzone.yml
index 0a5feed..cfb99e5 100644
--- a/.github/workflows/flowzone.yml
+++ b/.github/workflows/flowzone.yml
@@ -9,7 +9,9 @@ on:
     branches: [main, master]
 
 permissions:
-  id-token: "write"  # AWS GitHub OIDC required: write (tests)
+  contents: read
+  id-token: "write"  # AWS GitHub OIDC required: write
+  packages: read
 
 jobs:
   flowzone: