github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-01 15:57:20 +00:00
Code Issues Projects Releases Wiki Activity

workflows: Fix permissions

Browse Source 
Add extra permissions for reusable workflow calls
that need them later on

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman 2025-06-19 08:44:18 +01:00
parent e82de65d5d
commit 9adf989555
5 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/ci-weekly.yaml vendored
View File

@ -119,3 +119,6 @@ jobs:
AZ_APPID: ${{ secrets.AZ_APPID }}
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
permissions:
contents: read
id-token: write

5
.github/workflows/release-amd64.yaml vendored
View File

@ -20,6 +20,11 @@ jobs:
stage: release
secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
permissions:
contents: read
packages: write
id-token: write
attestations: write
kata-deploy:
needs: build-kata-static-tarball-amd64

5
.github/workflows/release-arm64.yaml vendored
View File

@ -20,6 +20,11 @@ jobs:
stage: release
secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
permissions:
contents: read
packages: write
id-token: write
attestations: write
kata-deploy:
needs: build-kata-static-tarball-arm64

5
.github/workflows/release-ppc64le.yaml vendored
View File

@ -20,6 +20,11 @@ jobs:
stage: release
secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
permissions:
contents: read
packages: write
id-token: write
attestations: write
kata-deploy:
needs: build-kata-static-tarball-ppc64le

5
.github/workflows/release-s390x.yaml vendored
View File

@ -23,6 +23,11 @@ jobs:
secrets:
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
permissions:
contents: read
packages: write
id-token: write
attestations: write
kata-deploy: