From 67846bed5a47b15dab5641a3646f431b603fcfb4 Mon Sep 17 00:00:00 2001
From: Nicholas Lee <nicholas.lee@appfolio.com>
Date: Thu, 7 May 2026 15:19:23 -0700
Subject: [PATCH 1/2] ci: add id-token permission for OIDC trusted publishing

---
 .github/workflows/release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0013597..4c76b62 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,6 +8,7 @@ on:
 
 permissions:
   contents: write
+  id-token: write
   pull-requests: write
 
 jobs:

From 4b50f9d76c7ebee2fffd4f9513b0c62d0a237063 Mon Sep 17 00:00:00 2001
From: Nicholas Lee <nicholas.lee@appfolio.com>
Date: Fri, 8 May 2026 12:01:35 -0700
Subject: [PATCH 2/2] ci: scope release-please to gem-shipped files

---
 .github/workflows/release.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4c76b62..ce1b762 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,6 +5,10 @@ on:
     branches:
       - main
       - master
+    paths:
+      - 'lib/**'
+      - 'declarative_authorization.gemspec'
+      - 'LICENSE.txt'
 
 permissions:
   contents: write