From 5735eb2b8097840380fa13e98017706ef70d9b02 Mon Sep 17 00:00:00 2001
From: Xuan Hu
Date: Fri, 31 Jan 2025 13:23:30 +0000
Subject: [PATCH] ci(patch-release): support trusted publishers for package publish
---
 .github/workflows/release.yml | 3 +++
 .../workflows/release.yml.jinja | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c2561107..7e075c9e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -118,6 +118,9 @@ jobs:
 - '3.13'
 package-publish:
 runs-on: ubuntu-24.04
+ permissions:
+ contents: read
+ id-token: write
 steps:
 - name: Checkout repository
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
diff --git a/template/{% if repo_platform == 'github' %}.github{% endif %}/workflows/release.yml.jinja b/template/{% if repo_platform == 'github' %}.github{% endif %}/workflows/release.yml.jinja
index 2f5dfc1d..ce79f2b4 100644
--- a/template/{% if repo_platform == 'github' %}.github{% endif %}/workflows/release.yml.jinja
+++ b/template/{% if repo_platform == 'github' %}.github{% endif %}/workflows/release.yml.jinja
@@ -129,6 +129,9 @@ jobs:
 {% endif %}
 package-publish:
 runs-on: ubuntu-24.04
+ permissions:
+ contents: read
+ id-token: write
 steps:
 - name: Checkout repository
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
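Review bot: `id-token: write` in the `package-publish` block lets every step of that job request an OIDC token for the repository, so building and uploading should not share the job unless that is unavoidable; the steps after checkout lie outside the hunk, so whether the package is built here cannot be seen. If it is, consider building in a separate job without this permission and handing the artifacts to the publish job, and bind the publish job to a deployment environment, e.g. `environment: release` (example name), so the trusted-publisher registration on the index can be restricted to that environment. The diffstat shows only these six added lines, so any long-lived upload token the publish step may already pass is presumably still configured and should be removed once OIDC publishing works. A short comment such as `# id-token: write is required for OIDC trusted publishing; scoped to this job on purpose` would help the next maintainer; all of this applies equally to the identical hunk in `release.yml.jinja`.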