From 4b6c6619d861eb8d40c244300ffb9af45f0f4759 Mon Sep 17 00:00:00 2001
From: Patryk Ciechanski <patryk.ciechanski@inetum.com>
Date: Thu, 12 Jun 2025 12:13:47 +0200
Subject: [PATCH] fix: Add missing attestations permission for build provenance
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixed GitHub Actions error "Resource not accessible by integration" by adding
the required attestations: write permission to build_and_publish_docker.yml.

The attest-build-provenance action requires three specific permissions:
- id-token: write (for OIDC token minting)
- contents: read (for repository access)
- attestations: write (for persisting build attestations)

This resolves the integration permission error that was preventing Docker
image attestation generation during the build process.

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .github/workflows/build_and_publish_docker.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build_and_publish_docker.yml b/.github/workflows/build_and_publish_docker.yml
index 1ebe230..fa6af44 100644
--- a/.github/workflows/build_and_publish_docker.yml
+++ b/.github/workflows/build_and_publish_docker.yml
@@ -17,6 +17,7 @@ jobs:
       contents: read
       packages: write
       id-token: write
+      attestations: write
 
     steps:
     - name: Checkout repository