astral-sh · charliermarsh · Apr 22, 2024 · Apr 22, 2024 · zanieb · Apr 22, 2024
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -100,6 +100,9 @@ jobs:
     with:
       plan: ${{ needs.plan.outputs.val }}
     secrets: inherit
+    permissions:
+      packages: write
+      contents: read
 
   # Build and package all the platform-agnostic(ish) things
   build-global-artifacts:

diff --git a/Cargo.toml b/Cargo.toml
@@ -244,3 +244,5 @@ build-local-artifacts = false
 local-artifacts-jobs = ["./build-binaries", "./build-docker"]
 # Publish jobs to run in CI
 publish-jobs = ["./publish-pypi"]
+# We allow modifications for Docker package publish permissions
+allow-dirty = ["ci"]