mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-09-14 21:39:26 +00:00
workflows: Add explicit permissions for attestation
We have a number of jobs that nest the build-static-tarball workflows later on. Due to these doing attest build provenance, and pushing to ghcr.io, t hey need write permissions on `packages`, `id-token` and `attestations`, so we need to set these permissions on the top-level jobs (along with `contents: read`), so they are not blocked. Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman
5
.github/workflows/ci-devel.yaml
vendored
5
.github/workflows/ci-devel.yaml
vendored
@@ -4,6 +4,11 @@ on:
|
||||
|
||||
jobs:
|
||||
kata-containers-ci-on-push:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
id-token: write
|
||||
attestations: write
|
||||
uses: ./.github/workflows/ci.yaml
|
||||
with:
|
||||
commit-hash: ${{ github.sha }}
|
||||
|
||||
Reference in New Issue
Block a user