From fc4210920ea0acf7a12fd55f109265963574d7fc Mon Sep 17 00:00:00 2001
From: Carsten Meininger <carsten.meininger@bahag.com>
Date: Wed, 27 May 2026 23:18:20 +0200
Subject: [PATCH] fix: add packages:write permission to docker-build job

Tags trigger a push event (not pull_request), so the tag condition
correctly runs docker-build, but GHCR push was denied without the
packages:write permission.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .github/workflows/build.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6f91c70..8314bae 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -83,6 +83,7 @@ jobs:
     if: github.event_name == 'pull_request' || startsWith(github.ref, 'refs/tags/')
     permissions:
       contents: read
+      packages: write
 
     steps:
       - uses: actions/checkout@v4