From 6a7057735b0db6156ce4e8a39f52d7dec831de7d Mon Sep 17 00:00:00 2001 From: Phill MV Date: Mon, 15 Apr 2024 14:52:46 -0400 Subject: [PATCH] Update README.md to refer to `attestations` permission (#37) * Update README.md to refer to `attestations` permission * Update ci.yml * Update README.md Co-authored-by: Brian DeHamer * Update README.md Co-authored-by: Brian DeHamer * Update .github/workflows/ci.yml Co-authored-by: Brian DeHamer --------- Co-authored-by: Brian DeHamer --- .github/workflows/ci.yml | 3 ++- README.md | 10 ++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5d29b15..b69e1e0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -50,7 +50,8 @@ jobs: name: Test attest action runs-on: ubuntu-latest permissions: - contents: write + contents: read + attestations: write id-token: write env: SUBJECT: /repos/${{ github.repository }}/tarball/${{ github.sha }} diff --git a/README.md b/README.md index 2845003..2ff5a3a 100644 --- a/README.md +++ b/README.md @@ -31,11 +31,11 @@ attest: ```yaml permissions: id-token: write - contents: write # TODO: Update this + attestations: write ``` The `id-token` permission gives the action the ability to mint the OIDC token - necessary to request a Sigstore signing certificate. The `contents` + necessary to request a Sigstore signing certificate. The `attestations` permission is necessary to persist the attestation. 1. Add the following to your workflow after your artifact has been built: @@ -128,7 +128,8 @@ jobs: build: permissions: id-token: write - contents: write + contents: read + attestations: write steps: - name: Checkout @@ -186,7 +187,8 @@ jobs: permissions: id-token: write packages: write - contents: write + contents: read + attestations: write env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }}
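Review bot: The three scopes in the `permissions:` block of the "Test attest action" job in `.github/workflows/ci.yml` carry no comment saying why each one is needed, so a later edit could widen them back towards the `contents: write` this commit removes without anyone noticing. I would annotate them with the wording the README already uses, e.g. `attestations: write  # persist the attestation` and `id-token: write  # mint the OIDC token used to request the Sigstore signing certificate`. Whether `contents: read` is required depends on the job's steps, which lie outside this hunk; if a step checks out the repository or fetches the `SUBJECT` tarball with the job token it should stay, ideally with a comment saying so. Because `id-token: write` is granted at job level, every step in the job can request an OIDC token, so it is worth confirming that the job contains only the steps that need it.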