From f0c1d89c024ed07a9fa04d90f8527232f7f84f2c Mon Sep 17 00:00:00 2001
From: Michael Yeager <michael.yeager@workiva.com>
Date: Tue, 9 Apr 2024 15:55:46 -0600
Subject: [PATCH 1/3] Update GHA publishing steps

---
 .github/workflows/publish.yaml | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 8fb04693..77d9fad7 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -10,6 +10,16 @@ on:
 
 jobs:
   publish:
-    permissions:
-      id-token: write # Required for authentication using OIDC
-    uses: dart-lang/setup-dart/.github/workflows/publish.yml@v1
+    name: Publish to pub.dev
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dart-lang/setup-dart@v1
+        with:
+          sdk: stable
+      - name: Install dependencies
+        run: dart pub get
+      - name: Publish - dry run
+        run: dart pub publish --dry-run --skip-validation
+      - name: Publish
+        run: dart pub publish -f

From 9f9c56b95e13cb2f04849470b361a195e2ad758e Mon Sep 17 00:00:00 2001
From: Michael Yeager <michael.yeager@workiva.com>
Date: Tue, 9 Apr 2024 16:20:21 -0600
Subject: [PATCH 2/3] Add GHA SBOM generation step.

---
 .github/workflows/publish.yaml | 10 ++++++++++
 Dockerfile                     |  4 ----
 2 files changed, 10 insertions(+), 4 deletions(-)
 delete mode 100644 Dockerfile

diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 77d9fad7..2a9d5b8f 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -9,6 +9,16 @@ on:
       - '[0-9]+.[0-9]+.[0-9]+-rc[0-9]+'
 
 jobs:
+  create-sbom-release-asset:
+    name: Create SBOM Release Asset
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Publish SBOM to Release Assets
+        uses: anchore/sbom-action@v0
+        with:
+          path: ./
+          format: cyclonedx-json
   publish:
     name: Publish to pub.dev
     runs-on: ubuntu-latest
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 25d12f58..00000000
--- a/Dockerfile
+++ /dev/null
@@ -1,4 +0,0 @@
-FROM dart:2.19
-ADD pubspec.yaml ./
-RUN dart pub get
-FROM scratch
\ No newline at end of file

From 1f8d135afa4283388f98434f840eb6e3fbd18a29 Mon Sep 17 00:00:00 2001
From: Michael Yeager <michael.yeager@workiva.com>
Date: Wed, 10 Apr 2024 11:09:31 -0600
Subject: [PATCH 3/3] Add publishing permissions

---
 .github/workflows/publish.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 2a9d5b8f..b5cdcf86 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -8,6 +8,11 @@ on:
       # Release Candidates
       - '[0-9]+.[0-9]+.[0-9]+-rc[0-9]+'
 
+permissions:
+  contents: write
+  id-token: write
+  pull-requests: write
+
 jobs:
   create-sbom-release-asset:
     name: Create SBOM Release Asset