Update README.md to use attestations permission (#43)

* Update README.md to use `attestations` permission * Update ci.yml * Update ci.yml * Update README.md Co-authored-by: Brian DeHamer <bdehamer@github.com> * Update README.md Co-authored-by: Brian DeHamer <bdehamer@github.com> --------- Co-authored-by: Brian DeHamer <bdehamer@github.com>
2025-12-13 19:02:19 +00:00 · 2024-04-22 12:12:55 -04:00 · 2024-04-22 12:12:55 -04:00 · e9e8f489ae
commit e9e8f489ae
parent 21a4fc8dbf
2 changed files with 8 additions and 5 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -50,7 +50,8 @@ jobs:
    name: Test attest-provenance action
    runs-on: ubuntu-latest
    permissions:
-      contents: write
+      attestations: write
+      contents: read
      id-token: write

    steps:
--- a/README.md
+++ b/README.md
@ -29,11 +29,11 @@ attest:
   ```yaml
   permissions:
     id-token: write
-     contents: write # TODO: Update this
+     attestations: write
   ```

   The `id-token` permission gives the action the ability to mint the OIDC token
-   permission is necessary to persist the attestation. The `contents` permission
+   permission is necessary to persist the attestation. The `attestations` permission
   is necessary to persist the attestation.

 1. Add the following to your workflow after your artifact has been built:
@ -112,7 +112,8 @@ jobs:
  build:
    permissions:
      id-token: write
-      contents: write
+      contents: read
+      attestations: write

    steps:
      - name: Checkout
@ -166,7 +167,8 @@ jobs:
    permissions:
      id-token: write
      packages: write
-      contents: write
+      contents: read
+      attestations: write
    env:
      REGISTRY: ghcr.io
      IMAGE_NAME: ${{ github.repository }}