From ffa781883a58e1771d542d8aeb103ee00c69efe5 Mon Sep 17 00:00:00 2001
From: Ron Green <11993626+georgettica@users.noreply.github.com>
Date: Tue, 8 Oct 2024 23:30:50 +0200
Subject: [PATCH] hopeful permissions addition

---
 .github/workflows/push-docker-on-release.yml | 71 ++++++++++----------
 1 file changed, 37 insertions(+), 34 deletions(-)

diff --git a/.github/workflows/push-docker-on-release.yml b/.github/workflows/push-docker-on-release.yml
index e69eefbca..5343cbd80 100644
--- a/.github/workflows/push-docker-on-release.yml
+++ b/.github/workflows/push-docker-on-release.yml
@@ -1,44 +1,47 @@
 name: Build and Push Docker Image

 on:
- release:
- types: [published]
- workflow_dispatch:
- inputs:
- release_tag:
- description: "Release tag to build and push"
- required: true
+ release:
+ types: [published]
+ workflow_dispatch:
+ inputs:
+ release_tag:
+ description: "Release tag to build and push"
+ required: true

 jobs:
- build-and-push:
- runs-on: ubuntu-latest
+ build-and-push:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read # Allows read access to the repository code
+ packages: write # Allows pushing images to GitHub Container Registry

- steps:
- - name: Checkout code
- uses: actions/checkout@v4
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4

- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3

- - name: Log in to GitHub Container Registry
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Log in to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}

- - name: Determine the release tag
- id: get_tag
- run: |
- if [ "${{ github.event_name }}" == "release" ]; then
- echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
- else
- echo "tag=${{ github.event.inputs.release_tag }}" >> $GITHUB_OUTPUT
- fi
+ - name: Determine the release tag
+ id: get_tag
+ run: |
+ if [ "${{ github.event_name }}" == "release" ]; then
+ echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+ else
+ echo "tag=${{ github.event.inputs.release_tag }}" >> $GITHUB_OUTPUT
+ fi

- - name: Build and push Docker image
- uses: docker/build-push-action@v6
- with:
- context: .
- push: true
- tags: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ steps.get_tag.outputs.tag }}
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: true
+ tags: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ steps.get_tag.outputs.tag }}
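Review bot: The `Determine the release tag` step still expands `${{ github.event.inputs.release_tag }}` inside the `run:` script, so the dispatch input is substituted into the shell text before bash parses it, and this job now runs with a token that has `packages: write`. Pass the value through the environment instead: give the step an `env:` entry `RELEASE_TAG: ${{ github.event.inputs.release_tag }}` and write `echo "tag=$RELEASE_TAG" >> "$GITHUB_OUTPUT"`. Manual dispatch requires write access to the repository, so the exposure is limited to collaborators, but the env form also keeps a tag containing quotes or whitespace from breaking the script. Separately, the four `uses:` lines reference mutable tags (`@v4`, `@v3`, `@v6`); with a write-scoped token in the job, pinning each to a full commit SHA is worth considering.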