github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-05 11:36:56 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #11435 from kata-containers/release-flow-permissions-fix(es)

Browse Source 
workflows: Fix permissions
This commit is contained in:
Steve Horsman 2025-06-19 09:35:23 +01:00 committed by GitHub
commit 00c9e61b60
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/ci-weekly.yaml vendored
View File

@ -119,3 +119,6 @@ jobs:
AZ_APPID: ${{ secrets.AZ_APPID }} AZ_APPID: ${{ secrets.AZ_APPID }}
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
permissions:
contents: read
id-token: write

5
.github/workflows/release-amd64.yaml vendored
View File

@ -20,6 +20,11 @@ jobs:
stage: release stage: release
secrets: secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
permissions:
contents: read
packages: write
id-token: write
attestations: write
kata-deploy: kata-deploy:
needs: build-kata-static-tarball-amd64 needs: build-kata-static-tarball-amd64

5
.github/workflows/release-arm64.yaml vendored
View File

@ -20,6 +20,11 @@ jobs:
stage: release stage: release
secrets: secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
permissions:
contents: read
packages: write
id-token: write
attestations: write
kata-deploy: kata-deploy:
needs: build-kata-static-tarball-arm64 needs: build-kata-static-tarball-arm64

5
.github/workflows/release-ppc64le.yaml vendored
View File

@ -20,6 +20,11 @@ jobs:
stage: release stage: release
secrets: secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
permissions:
contents: read
packages: write
id-token: write
attestations: write
kata-deploy: kata-deploy:
needs: build-kata-static-tarball-ppc64le needs: build-kata-static-tarball-ppc64le

5
.github/workflows/release-s390x.yaml vendored
View File

@ -23,6 +23,11 @@ jobs:
secrets: secrets:
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }} CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
permissions:
contents: read
packages: write
id-token: write
attestations: write
kata-deploy: kata-deploy: