From 7cdef436a5f4daed76d83cdaac34e0cdc6fa4388 Mon Sep 17 00:00:00 2001
From: Joey Orlando <joseph.t.orlando@gmail.com>
Date: Thu, 13 Jun 2024 14:46:17 -0400
Subject: [PATCH] update token permissions for yaml update action

---
 .github/workflows/on-release-published.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/on-release-published.yml b/.github/workflows/on-release-published.yml
index 1d867eaa..d5efee13 100644
--- a/.github/workflows/on-release-published.yml
+++ b/.github/workflows/on-release-published.yml
@@ -88,8 +88,12 @@ jobs:
     # These permissions are needed to assume roles from Github's OIDC.
     # https://github.com/grafana/shared-workflows/tree/main/actions/get-vault-secrets
     permissions:
-      contents: read
       id-token: write
+      contents: read
+      # the following permissions are needed for the yaml-update-action step
+      # https://github.com/fjogeleit/yaml-update-action/issues/539#issuecomment-1440922870
+      issues: write
+      pull-requests: write
     steps:
       - name: Checkout project
         uses: actions/checkout@v4