From 9ac155ccecb16ad6a7132eaf9c25d25c9abe4125 Mon Sep 17 00:00:00 2001
From: TonyRL
Date: Tue, 10 Dec 2024 15:57:15 +0000
Subject: [PATCH] chore: fix GITHUB_TOKEN permission
---
 .github/workflows/build-nightly-release.yml | 14 +++++++++-----
 .github/workflows/build-release.yml | 14 +++++++++-----
 2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/build-nightly-release.yml b/.github/workflows/build-nightly-release.yml
index a6e82744..fcbfff28 100644
--- a/.github/workflows/build-nightly-release.yml
+++ b/.github/workflows/build-nightly-release.yml
@@ -15,6 +15,7 @@ jobs:
 id-token: write
 contents: read
 attestations: write
+ packages: write
 steps:
 - name: Checkout
 uses: actions/checkout@v4
@@ -64,11 +65,14 @@ jobs:
 cache-from: type=gha
 cache-to: type=gha,mode=max
- - name: Attest
+ - name: Attest (Dockerhub)
 uses: actions/attest-build-provenance@v2
- id: attest
 with:
- subject-name: |
- docker.io/${{ vars.DOCKER_USERNAME }}/ttrss
- ${{ env.REGISTRY }}/${{ github.repository }}
+ subject-name: ${{ vars.DOCKER_USERNAME }}/ttrss
+ subject-digest: ${{ steps.push.outputs.digest }}
+
+ - name: Attest (Container Registry)
+ uses: actions/attest-build-provenance@v2
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ github.repository }}
 subject-digest: ${{ steps.push.outputs.digest }}
diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
index 0c7f1e15..c5bb5eda 100644
--- a/.github/workflows/build-release.yml
+++ b/.github/workflows/build-release.yml
@@ -24,6 +24,7 @@ jobs:
 id-token: write
 contents: read
 attestations: write
+ packages: write
 steps:
 - name: Checkout
 uses: actions/checkout@v4
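Review bot: In the permissions hunk of build-nightly-release.yml (and the identical one in build-release.yml), the added `packages: write` is granted at job level, so every step in the job receives a token that can publish packages, on top of `id-token: write` and `attestations: write`. The actions visible in this patch are referenced by mutable tags (`actions/checkout@v4`, `actions/attest-build-provenance@v2`), so a moved tag would run new code with that token; pinning each one, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, closes that gap. A short comment such as `packages: write  # needed by the registry push step` would also record why the scope is there, assuming that is the step that uses it; the rest of the job lies outside the hunk.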
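Review bot: The Docker Hub attestation step in build-nightly-release.yml (same change in build-release.yml) now sets `subject-name: ${{ vars.DOCKER_USERNAME }}/ttrss`, dropping the `docker.io/` host that the removed line carried, so the recorded subject is no longer a fully-qualified image name, which is what the action's documentation asks for when the subject is a container image, as I read it. Keeping the host, `subject-name: docker.io/${{ vars.DOCKER_USERNAME }}/ttrss`, leaves the provenance statement unambiguous about which registry the digest belongs to. Both new steps read `steps.push.outputs.digest`; the `push` step is outside the hunk, so this presumes a single build pushes the same digest to both registries.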
@@ -72,11 +73,14 @@ jobs:
 cache-from: type=gha
 cache-to: type=gha,mode=max
- - name: Attest
+ - name: Attest (Dockerhub)
 uses: actions/attest-build-provenance@v2
- id: attest
 with:
- subject-name: |
- docker.io/${{ vars.DOCKER_USERNAME }}/ttrss
- ${{ env.REGISTRY }}/${{ github.repository }}
+ subject-name: ${{ vars.DOCKER_USERNAME }}/ttrss
+ subject-digest: ${{ steps.push.outputs.digest }}
+
+ - name: Attest (Container Registry)
+ uses: actions/attest-build-provenance@v2
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ github.repository }}
 subject-digest: ${{ steps.push.outputs.digest }}