From f5e40a70204709d71847aa61a439809bd091ad98 Mon Sep 17 00:00:00 2001
From: Alex Price <2804025+awprice@users.noreply.github.com>
Date: Fri, 14 Jun 2024 11:47:44 +1000
Subject: [PATCH] attempt to fix up docker push action (#244)

Signed-off-by: Alex Price <aprice@atlassian.com>
---
 .github/workflows/docker-publish.yml | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index ef2daa6b..a9f65a91 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -17,7 +17,11 @@ jobs:
   push:
     runs-on: ubuntu-latest
     if: github.event_name == 'push'
-
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
     steps:
       - uses: actions/checkout@v3
 
@@ -34,13 +38,11 @@ jobs:
 
       # Log in to GitHub Container registry
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
-          # a PAT with `read:packages` and `write:packages` scopes is an Actions secret `CR_PAT`.
-          # Doesn't support Org or Repo level PATs and no bot accounts
-          username: ${{ secrets.CR_PAT_USER }}
-          password: ${{ secrets.CR_PAT }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Push image to GitHub Container Registry
         run: |