From 505a385d24270efb0297bb06de71878dbb7be0c4 Mon Sep 17 00:00:00 2001
From: zirkelc <chris.zirkel@gmail.com>
Date: Sun, 18 Aug 2024 11:33:48 +0200
Subject: [PATCH] ci: add permissions for coverage

---
 .github/workflows/ci.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 539198d..25df9e5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,6 +10,12 @@ env:
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
+permissions:
+  checks: write
+  id-token: write # needed for npm publish with provenance
+  contents: write # needed for github release
+  pull-requests: write # needed for coverage comment
+
 jobs:
   lint:
     name: Lint
@@ -78,9 +84,6 @@ jobs:
     runs-on: ubuntu-latest
     needs: [lint,test]
     if: github.ref == 'refs/heads/main'
-    permissions:
-      id-token: write # needed for npm publish with provenance
-      contents: write # needed for github release
 
     steps:
       - uses: actions/checkout@v4