diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6eb6ecb..548dd21 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,6 +2,10 @@ name: 'release' on: # rebuild any PRs and main branch changes release: types: [created] +permissions: + id-token: write + contents: write + packages: write jobs: package-and-publish: runs-on: ubuntu-latest diff --git a/action.yml b/action.yml index f204310..eabb84e 100644 --- a/action.yml +++ b/action.yml @@ -1,6 +1,11 @@ name: 'Package and Publish' description: 'Publish actions as OCI artifacts to GHCR' +permissions: + id-token: write + contents: write + packages: write + # TODO: Add your action's branding here. This will appear on the GitHub Marketplace. branding: icon: 'heart' @@ -39,10 +44,10 @@ runs: echo "package manifest sha": ${{steps.publish.outputs.package-manifest-sha}} echo "package url": ${{steps.publish.outputs.package-url}} echo "subject name": ${{github.repository}}_${{github.ref}} - # - name: Generate Provenance Attestation - # uses: github-early-access/generate-build-provenance@main - # id: build-provenance - # with: - # subject-name: ${{github.repository}}_${{github.ref}} - # subject-digest: ${{steps.publish.outputs.package-manifest-sha}} - # push-to-registry: false + - name: Generate Provenance Attestation + uses: github-early-access/generate-build-provenance@main + id: build-provenance + with: + subject-name: ${{github.repository}}_${{github.ref}} + subject-digest: ${{steps.publish.outputs.package-manifest-sha}} + push-to-registry: false
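Review bot: The `permissions:` block added to release.yml sits at workflow level, so every job in this workflow receives `id-token: write`, `contents: write` and `packages: write`, including any job added later. Only `package-and-publish` is visible here; moving the block under that job (`jobs.package-and-publish.permissions`) confines the OIDC and package-write scopes to the job that publishes and attests. If nothing in that job writes to repository contents, `contents: read` would be enough, but that cannot be confirmed from this hunk because the job body continues outside it.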
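Review bot: The top-level `permissions:` key added to action.yml is not part of the action metadata syntax, so it grants nothing: the action runs with whatever `GITHUB_TOKEN` permissions the calling job declares. A caller that omits `id-token: write` or `packages: write` would presumably still fail in the publish or attestation step despite this block. I would drop the key and state the requirement where callers read it, for example a comment `# Callers must grant id-token: write, contents: write and packages: write on the job that uses this action`, and repeat it in the README.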
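Review bot: `uses: github-early-access/generate-build-provenance@main` tracks a mutable branch, and the step runs in a job that holds `id-token: write` and `packages: write`. Whatever lands on that branch therefore executes with the ability to request OIDC tokens and publish packages under this repository's identity. Pin it to a full commit SHA, `uses: github-early-access/generate-build-provenance@<full-commit-sha>`, and bump it deliberately. Separately, `subject-name` embeds `${{github.ref}}`, which for a release is presumably of the form `refs/tags/...`; confirm that verifiers expect that string as the subject rather than the package name. The `runs:` steps begin outside the hunk.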