ci: fix attestation perms

.github/workflows/docker-pub.yml

@@ -1,6 +1,9 @@
 name: Docker Pub
 
-on: workflow_dispatch
+on: 
+  - workflow_dispatch
+  - schedule:
+    - cron: "0 0 * * *"
 
 jobs:
   build:
@@ -10,9 +13,15 @@ jobs:
       contents: read
       packages: write
       attestations: write
+      id-token: write
+
     steps:
       - name: Checkout the repository
         uses: actions/checkout@v4
+
+      - name: Get current date
+        id: date
+        run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -27,7 +36,7 @@ jobs:
           password: ${{ secrets.GH_TOKEN }}
 
       - name: Build Meta
-        run: echo "::set-output name=dtag::ghcr.io/barelyhuman/goblin:nightly"
+        run: echo "::set-output name=dtag::ghcr.io/barelyhuman/goblin:nightly-${{ steps.date.outputs.date }}"
         id: meta
 
       - name: Build and push
@@ -47,6 +56,6 @@ jobs:
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v1
         with:
-          subject-name: ghcr.io/barelyhuman/goblin:nightly
+          subject-name: ghcr.io/barelyhuman/goblin:nightly-${{ steps.date.outputs.date }}
           subject-digest: ${{ steps.push.outputs.digest }}
           push-to-registry: true