From a0723a16cb5edb1ec29e4fe9c85bf55f457634af Mon Sep 17 00:00:00 2001
From: James Rich <2199651+jamesarich@users.noreply.github.com>
Date: Tue, 3 Mar 2026 12:48:24 -0600
Subject: [PATCH] ci: update github-release permissions and environment
 settings

Signed-off-by: James Rich <2199651+jamesarich@users.noreply.github.com>
---
 .github/workflows/release.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0cdde8668a..d67a5f6650 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -277,6 +277,11 @@ jobs:
   github-release:
     runs-on: ubuntu-latest
     needs: [prepare-build-info, release-google, release-fdroid]
+    environment: Release
+    permissions:
+      contents: write
+      id-token: write
+      attestations: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v6
@@ -294,7 +299,7 @@ jobs:
         with:
           tag_name: ${{ inputs.tag_name }}
           name: ${{ inputs.tag_name }} (${{ needs.prepare-build-info.outputs.APP_VERSION_CODE }})
-          generate_release_notes: true
+          generate_release_notes: false
           files: ./artifacts/*/*
           draft: true
           prerelease: true