Skip to content

Commit

Permalink
fix: permissions for slsa provenance
Browse files Browse the repository at this point in the history
  • Loading branch information
saisatishkarra committed Jun 4, 2024
1 parent 722d268 commit 4508e71
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/release-publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -290,6 +290,7 @@ jobs:
id-token: write # needed for signing the images
actions: read # For getting workflow run info to build provenance
packages: write # Required for publishing provenance. Issue: https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container#known-issues
contents: read
strategy:
fail-fast: true
matrix:
Expand All @@ -314,6 +315,7 @@ jobs:
actions: read # For getting workflow run info to build provenance
packages: write # Required for publishing provenance. Issue: https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container#known-issues
# need to use non hash version because of: https://github.com/slsa-framework/slsa-github-generator/issues/3498
contents: read
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
with:
image: ${{ needs.publish.outputs.INSO_DOCKER_IMAGE }}
Expand Down

0 comments on commit 4508e71

Please sign in to comment.