github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-31 15:25:26 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #11437 from kata-containers/release-flow-permissions-fixes-iii

Browse Source 
workflows: Release permissions
This commit is contained in:
Fabiano Fidêncio 2025-06-19 11:23:46 +02:00 committed by GitHub
commit f7d3ea0c55
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
.github/workflows/release.yaml vendored
View File

@ -8,6 +8,8 @@ permissions:
jobs:
release:
runs-on: ubuntu-22.04
permissions:
contents: write # needed for the `gh release create` command
steps:
- name: Checkout repository
uses: actions/checkout@v4
@ -77,6 +79,8 @@ jobs:
publish-multi-arch-images:
runs-on: ubuntu-22.04
needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le]
permissions:
contents: write # needed for the `gh release` commands
steps:
- name: Checkout repository
uses: actions/checkout@v4
@ -110,6 +114,8 @@ jobs:
upload-multi-arch-static-tarball:
needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le]
permissions:
contents: write # needed for the `gh release` commands
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
@ -173,6 +179,8 @@ jobs:
upload-versions-yaml:
needs: release
runs-on: ubuntu-22.04
permissions:
contents: write # needed for the `gh release` commands
steps:
- name: Checkout repository
uses: actions/checkout@v4
@ -188,6 +196,8 @@ jobs:
upload-cargo-vendored-tarball:
needs: release
runs-on: ubuntu-22.04
permissions:
contents: write # needed for the `gh release` commands
steps:
- name: Checkout repository
uses: actions/checkout@v4
@ -203,6 +213,8 @@ jobs:
upload-libseccomp-tarball:
needs: release
runs-on: ubuntu-22.04
permissions:
contents: write # needed for the `gh release` commands
steps:
- name: Checkout repository
uses: actions/checkout@v4
@ -218,6 +230,9 @@ jobs:
upload-helm-chart-tarball:
needs: release
runs-on: ubuntu-22.04
permissions:
contents: write # needed for the `gh release` commands
packages: write # needed to push the helm chart to ghcr.io
steps:
- name: Checkout repository
uses: actions/checkout@v4
@ -248,6 +263,8 @@ jobs:
publish-release:
needs: [ build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le, publish-multi-arch-images, upload-multi-arch-static-tarball, upload-versions-yaml, upload-cargo-vendored-tarball, upload-libseccomp-tarball ]
runs-on: ubuntu-22.04
permissions:
contents: write # needed for the `gh release` commands
steps:
- name: Checkout repository
uses: actions/checkout@v4