From e9a7860f3f2e5c6f05408c30b0abb2839f071eff Mon Sep 17 00:00:00 2001
From: Luc Perkins <lucperkins@gmail.com>
Date: Thu, 15 May 2025 14:02:49 -0400
Subject: [PATCH] Add permissions block

---
 .github/workflows/ci.yml       | 5 ++++-
 .github/workflows/update.yml   | 5 ++++-
 .github/workflows/validate.yml | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6fc524d..f6676f5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -7,7 +7,10 @@ on:
 
 jobs:
   typescript-action:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - uses: actions/checkout@v4
         with:
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 50bf3b3..181769a 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -7,7 +7,10 @@ on:
 
 jobs:
   lockfile:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - name: Checkout
         uses: actions/checkout@v4
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index a59745a..17f962a 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -7,7 +7,7 @@ on:
 
 jobs:
   validate:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
         with: