From 6746574d8666976205803f51c21d1d30c5a6fe04 Mon Sep 17 00:00:00 2001
From: Lucas PASCAL <lucas.pascal@ledger.com>
Date: Thu, 6 Mar 2025 14:41:56 +0100
Subject: [PATCH] [ci][fix] Reducing specific permission to the targeted job, +
 adding capability to deploy a release

---
 .github/workflows/ci.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index dc0afda..3764ade 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,10 +12,6 @@ on:
       - master
       - develop
 
-permissions:
-  id-token: write
-  attestations: write
-
 jobs:
   build_install:
     name: Build and install the Ledgerblue Python package
@@ -42,6 +38,11 @@ jobs:
     name: Build the Python package, and deploy if needed
     runs-on: public-ledgerhq-shared-small
     needs: build_install
+    permissions:
+      id-token: write
+      attestations: write
+      contents: write
+
     steps:
     - name: Clone
       uses: actions/checkout@v3