fix: add contents:write permission for GitHub Releases

marcosf63 · marcosf63 · commit 07002fc71b67 · 2025-10-08T18:55:34.000-03:00
The GITHUB_TOKEN needs explicit 'contents: write' permission
to create releases. This fixes the 403 Forbidden error.

Changes:
- Add permissions block to publish-pypi workflow
- Grant contents:write for release creation
- Add id-token:write for trusted publishing (optional)
diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml
@@ -8,6 +8,9 @@ on:
 jobs:
   build-and-publish:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write  # Needed to create releases
+      id-token: write  # Needed for trusted publishing (optional)
 
     steps:
     - name: Checkout code
