Set explicit Docker permissions

.github/workflows/publish-pypi.yml

@@ -23,8 +23,8 @@ jobs:
     steps:
       - uses: actions/download-artifact@v3
         with:
-          name: wheels
-          path: wheels
+          name: xyz
+          path: abc
       - name: Publish to PyPi
         uses: pypa/gh-action-pypi-publish@release/v1
         with:

.github/workflows/release.yml

@@ -100,6 +100,9 @@ jobs:
     with:
       plan: ${{ needs.plan.outputs.val }}
     secrets: inherit
+    permissions:
+      packages: write
+      contents: read
 
   # Build and package all the platform-agnostic(ish) things
   build-global-artifacts:

Cargo.toml

@@ -167,3 +167,5 @@ build-local-artifacts = false
 local-artifacts-jobs = ["./build-binaries", "./build-docker"]
 # Publish jobs to run in CI
 publish-jobs = ["./publish-pypi"]
+# For: `permissions: packages: write`.
+allow-dirty = ["ci"]

Dockerfile

@@ -30,16 +30,16 @@ ENV PATH="$HOME/.cargo/bin:$PATH"
 # Installs the correct toolchain version from rust-toolchain.toml and then the musl target
 RUN rustup target add $(cat rust_target.txt)
 
-# Build
-COPY crates crates
-COPY ./Cargo.toml Cargo.toml
-COPY ./Cargo.lock Cargo.lock
-RUN cargo zigbuild --bin puffin --target $(cat rust_target.txt) --release
-RUN cp target/$(cat rust_target.txt)/release/puffin /puffin
-# TODO(konsti): Optimize binary size, with a version that also works when cross compiling
-# RUN strip --strip-all /puffin
-
-FROM scratch
-COPY --from=build /puffin /puffin
-WORKDIR /io
-ENTRYPOINT ["/puffin"]
+## Build
+#COPY crates crates
+#COPY ./Cargo.toml Cargo.toml
+#COPY ./Cargo.lock Cargo.lock
+#RUN cargo zigbuild --bin puffin --target $(cat rust_target.txt) --release
+#RUN cp target/$(cat rust_target.txt)/release/puffin /puffin
+## TODO(konsti): Optimize binary size, with a version that also works when cross compiling
+## RUN strip --strip-all /puffin
+#
+#FROM scratch
+#COPY --from=build /puffin /puffin
+#WORKDIR /io
+#ENTRYPOINT ["/puffin"]