[chore] add permissions on job level #40

	name: "Publish test utils image"

	on:
	push:
	paths:
	- 'tests/Dockerfile.utils'
	- '.github/workflows/publish-test-utils-image.yaml'
	branches:
	- main
	pull_request:
	paths:
	- 'tests/Dockerfile.utils'
	- '.github/workflows/publish-test-utils-image.yaml'
	workflow_dispatch:

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true

	permissions: {}

	jobs:
	test-utils:
	runs-on: ubuntu-22.04
	permissions:
	packages: write # push container image

	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
	with:
	images: ghcr.io/${{ github.repository }}/test-utils

	- name: Set up QEMU
	uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

	- name: Login to GitHub Package Registry
	uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 #v3.4.0
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push
	uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 #v6.16.0
	with:
	context: tests/
	file: tests/Dockerfile.utils
	platforms: linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
	push: ${{ github.event_name == 'push' }}
	tags: ${{ steps.meta.outputs.tags }}

Provide feedback