actions/docker-attest-build-provenance
1
0
Fork 0
mirror of https://github.com/actions/attest-build-provenance.git synced 2026-05-13 08:20:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add artifact-metadata permission docs

Browse Source 
Signed-off-by: Meredith Lancaster <malancas@github.com>
This commit is contained in:
Meredith Lancaster 2025-12-18 13:03:29 -08:00
parent c809917cd3
commit 2708162562
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -46,11 +46,15 @@ attest:
permissions:
id-token: write
attestations: write
artifact-metadata: write
```
The `id-token` permission gives the action the ability to mint the OIDC token
necessary to request a Sigstore signing certificate. The `attestations`
permission is necessary to persist the attestation.
The `artifact-metadata` permission is required to generate artifact
metadata storage records. If this permission is not included, the action
will continue without creating the record.
1. Add the following to your workflow after your artifact has been built: