From e9e8f489ae6b84955b4a6453fd607d23f5dab841 Mon Sep 17 00:00:00 2001
From: Phill MV
Date: Mon, 22 Apr 2024 12:12:55 -0400
Subject: [PATCH] Update README.md to use `attestations` permission (#43)
* Update README.md to use `attestations` permission
* Update ci.yml
* Update ci.yml
* Update README.md
Co-authored-by: Brian DeHamer
* Update README.md
Co-authored-by: Brian DeHamer
---------
Co-authored-by: Brian DeHamer
---
 .github/workflows/ci.yml | 3 ++-
 README.md | 10 ++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a26814e..5d9ab55 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -50,7 +50,8 @@ jobs:
 name: Test attest-provenance action
 runs-on: ubuntu-latest
 permissions:
- contents: write
+ attestations: write
+ contents: read
 id-token: write
 steps:
diff --git a/README.md b/README.md
index f9ad5c8..6829f98 100644
--- a/README.md
+++ b/README.md
@@ -29,11 +29,11 @@ attest:
 ```yaml
 permissions:
 id-token: write
- contents: write # TODO: Update this
+ attestations: write
 ```
 The `id-token` permission gives the action the ability to mint the OIDC token
- permission is necessary to persist the attestation. The `contents` permission
+ permission is necessary to persist the attestation. The `attestations` permission
 is necessary to persist the attestation.
 1. Add the following to your workflow after your artifact has been built:
@@ -112,7 +112,8 @@ jobs:
 build:
 permissions:
 id-token: write
- contents: write
+ contents: read
+ attestations: write
 steps:
 - name: Checkout
@@ -166,7 +167,8 @@ jobs:
 permissions:
 id-token: write
 packages: write
- contents: write
+ contents: read
+ attestations: write
 env:
 REGISTRY: ghcr.io
 IMAGE_NAME: ${{ github.repository }}
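Review bot: In the `.github/workflows/ci.yml` hunk, the `permissions` block of the `Test attest-provenance action` job now lists three scopes with nothing saying what each is for, which makes a later least-privilege review harder. I would annotate them inline, for example `attestations: write  # persist the attestation`, `contents: read  # read-only repository access` and `id-token: write  # mint the OIDC token`. The job's triggers and steps are outside the hunk, so confirm separately that it never runs code from untrusted pull requests while holding `id-token: write` and `attestations: write`.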