From ebc50936331831f896fbc024a0f335db85b39a10 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 8 May 2024 11:42:28 -0400
Subject: [PATCH] publish-commit-bottles: drop perms, add GPG env

Signed-off-by: William Woodruff
---
 .github/workflows/publish-commit-bottles.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/publish-commit-bottles.yml b/.github/workflows/publish-commit-bottles.yml
index 5861c40965336..ebf4044b4f4f4 100644
--- a/.github/workflows/publish-commit-bottles.yml
+++ b/.github/workflows/publish-commit-bottles.yml
@@ -246,8 +246,6 @@ jobs:
 permissions:
 attestations: write # for `generate build provenance`
 id-token: write # for `generate build provenance`
- contents: write # for `generate build provenance`
- packages: write # for `generate build provenance`
 actions: read # for `brew pr-pull`
 pull-requests: write # for `gh pr edit|review`
 repository-projects: write # for `gh pr edit`
@@ -345,6 +343,7 @@ jobs:
 working-directory: ${{steps.set-up-homebrew.outputs.repository-path}}
 env:
 BREWTESTBOT_NAME_EMAIL: "BrewTestBot <1589480+BrewTestBot@users.noreply.github.com>"
+ HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
 HOMEBREW_GITHUB_PACKAGES_USER: brewtestbot
 HOMEBREW_GITHUB_PACKAGES_TOKEN: ${{secrets.HOMEBREW_CORE_GITHUB_PACKAGES_TOKEN}}
 run: |
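Review bot: The added `HOMEBREW_GPG_PASSPHRASE` line in the second hunk puts the signing-subkey passphrase into the environment of the whole `run:` script, so every process that script starts inherits it, and nothing on the line says which command needs it. The permissions block in this same file annotates each grant with a `# for ...` comment; the same convention would help here, e.g. `# for GPG signing in <command that signs>` once the consumer is confirmed. The `run:` body lies outside the hunk, so whether the passphrase could instead be set only for the signing command cannot be judged from here. As a style point, the new expression is written `${{ secrets.… }}` with inner spaces while the neighbouring `HOMEBREW_GITHUB_PACKAGES_TOKEN` line uses `${{secrets.…}}` without them.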