fix permissions

Author: anthony-nhs

.github/workflows/pull_request.yml

@@ -14,7 +14,7 @@ jobs:
     secrets:
       AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
       AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
-  
+
   pr_title_format_check:
     uses: ./.github/workflows/pr_title_check.yml
 
@@ -30,14 +30,14 @@ jobs:
       pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-      
+
   tag_release:
     needs: get_config_values
     uses: ./.github/workflows/tag-release-devcontainer.yml
     permissions:
-      contents: read
       packages: read
-      attestations: read
+      id-token: write
+      contents: write
     with:
       dry_run: true
       pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}

.github/workflows/release.yml

@@ -20,6 +20,9 @@ jobs:
   tag_release:
     needs: [quality_checks, get_config_values]
     uses: ./.github/workflows/tag-release-devcontainer.yml
+    permissions:
+      id-token: write
+      contents: write
     with:
       dry_run: false
       pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}