From acb64d0ff58337d3319d576270edc1922896516d Mon Sep 17 00:00:00 2001
From: Rob Galanakis <rob.galanakis@gmail.com>
Date: Tue, 9 Jan 2024 12:41:37 -0800
Subject: [PATCH] Adjust job permissions so releaser can create a release

---
 .github/workflows/release.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f2e5e16..a05f745 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,6 +5,9 @@ on:
     tags:
       - '*'
 
+permissions:
+  contents: write # Needed to create a release
+
 jobs:
   goreleaser:
     runs-on: macos-latest
@@ -30,7 +33,7 @@ jobs:
           version: latest
           args: --debug release --clean
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          TAP_GITHUB_TOKEN: ${{ secrets.TAP_TOKEN_ROBG_PAT }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needs write access to webhookdb-cli contents
+          TAP_GITHUB_TOKEN: ${{ secrets.BREWTAPS_GITHUB_TOKEN }} # Needs write access to homebrew-webhookdb contents (and PRs?)
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} # Needs write access to S3
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}