add back write perms needed for Azure interaction

Author: sean-breen

.github/workflows/assertion.yml

@@ -26,6 +26,7 @@ jobs:
     runs-on: ubuntu-22.04
     if: ${{ !github.event.pull_request.head.repo.fork }}
     permissions:
+      id-token: write # for OIDC authentication
       contents: read # Needed to download artifacts
     strategy:
       matrix:

.github/workflows/ci.yml

@@ -65,7 +65,7 @@ jobs:
     name: Lint
     runs-on: ubuntu-22.04
     permissions:
-      id-token: write
+      id-token: write # for OIDC authentication
     steps:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: Get Secrets from Azure Key Vault
@@ -106,6 +106,8 @@ jobs:
   unit-test:
     name: Unit Tests
     runs-on: ubuntu-22.04
+    permissions:
+      id-token: write # for OIDC authentication
     steps:
         - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         - name: Get Secrets from Azure Key Vault
@@ -139,6 +141,8 @@ jobs:
   race-condition-test:
     name: Unit tests with race condition detection
     runs-on: ubuntu-22.04
+    permissions:
+      id-token: write # for OIDC authentication
     steps:
         - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         - name: Get Secrets from Azure Key Vault
@@ -167,6 +171,8 @@ jobs:
   build-unsigned-snapshot:
     name: Build Unsigned Snapshot
     runs-on: ubuntu-22.04
+    permissions:
+      id-token: write # for OIDC authentication
     steps:
         - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
           with:
@@ -273,6 +279,8 @@ jobs:
     name: Upgrade Tests
     needs: build-unsigned-snapshot
     runs-on: ubuntu-22.04
+    permissions:
+      id-token: write # for OIDC authentication
     strategy:
       matrix:
         container:
@@ -334,6 +342,8 @@ jobs:
     needs: build-unsigned-snapshot
     if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }}
     runs-on: ubuntu-22.04
+    permissions:
+      id-token: write # for OIDC authentication
     strategy:
       matrix:
         container:
@@ -403,6 +413,8 @@ jobs:
     needs: build-unsigned-snapshot
     if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }}
     runs-on: ubuntu-22.04
+    permissions:
+      id-token: write # for OIDC authentication
     strategy:
       matrix:
         container:
@@ -661,6 +673,7 @@ jobs:
     runs-on: ubuntu-22.04
     needs: build-unsigned-snapshot
     permissions:
+      id-token: write # for OIDC authentication
       contents: write # Needed for pushing benchmark results to github branch
     steps:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
@@ -707,6 +720,7 @@ jobs:
     name: Load Tests
     if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }}
     permissions:
+      id-token: write # for OIDC authentication
       contents: write # Needed for pushing benchmark results to github branch
     runs-on: ubuntu-22.04
     needs: build-unsigned-snapshot

.github/workflows/upload-release-assets.yml

@@ -52,6 +52,7 @@ jobs:
     runs-on: ubuntu-22.04
     needs: [vars]
     permissions:
+      id-token: write # for OIDC authentication
       contents: write # Needed for uploading release assets to GitHub
     steps:
       - name: Checkout Repository