From 6fbd31b235dde6f7089aef7de69922e70ec89aa1 Mon Sep 17 00:00:00 2001
From: Sebastian Noe <sebastian.schneider@boxine.de>
Date: Wed, 13 May 2026 13:09:53 +0200
Subject: [PATCH] fix(ci): grant contents:write for SBOM release asset upload

anchore/sbom-action attaches SBOMs to GitHub releases, which requires
write access to contents. The workflow previously only had read access,
causing 'Resource not accessible by integration' errors.
---
 .github/workflows/docker-publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 787c227c..8c22fa3c 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     permissions:
-      contents: read
+      contents: write
       packages: write
       id-token: write
       attestations: write