From ccf4a85f89b9eacbc2a5261bb32059a377349703 Mon Sep 17 00:00:00 2001
From: Zanie Blue <contact@zanie.dev>
Date: Mon, 22 Apr 2024 18:05:21 -0500
Subject: [PATCH] Fix Docker publish permissions in release pipeline (#3195)

---
 .github/workflows/release.yml | 3 +++
 Cargo.toml                    | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5019ae220..d0f2a699b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -100,6 +100,9 @@ jobs:
     with:
       plan: ${{ needs.plan.outputs.val }}
     secrets: inherit
+    permissions:
+      packages: write
+      contents: read
 
   # Build and package all the platform-agnostic(ish) things
   build-global-artifacts:
diff --git a/Cargo.toml b/Cargo.toml
index 33cb47056..c39170709 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -244,3 +244,5 @@ build-local-artifacts = false
 local-artifacts-jobs = ["./build-binaries", "./build-docker"]
 # Publish jobs to run in CI
 publish-jobs = ["./publish-pypi"]
+# We allow modifications for Docker package publish permissions
+allow-dirty = ["ci"]