ci: fix attestation perms

barelyhuman · barelyhuman · commit a90d2bad0435 · 2024-06-26T04:30:35.000+05:30
diff --git a/.github/workflows/docker-pub.yml b/.github/workflows/docker-pub.yml
@@ -1,6 +1,9 @@
 name: Docker Pub
 
-on: workflow_dispatch
+on: 
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * *"
 
 jobs:
   build:
@@ -10,9 +13,15 @@ jobs:
       contents: read
       packages: write
       attestations: write
+      id-token: write
+      
     steps:
       - name: Checkout the repository
         uses: actions/checkout@v4
+      
+      - name: Get current date
+        id: date
+        run: echo "::set-output name=date::$(date +'%Y%m%d')"
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -27,7 +36,7 @@ jobs:
           password: ${{ secrets.GH_TOKEN }}
 
       - name: Build Meta
-        run: echo "::set-output name=dtag::ghcr.io/barelyhuman/goblin:nightly"
+        run: echo "::set-output name=dtag::ghcr.io/barelyhuman/goblin:nightly-${{ steps.date.outputs.date }}"
         id: meta
 
       - name: Build and push
@@ -47,6 +56,6 @@ jobs:
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v1
         with:
-          subject-name: ghcr.io/barelyhuman/goblin:nightly
+          subject-name: ghcr.io/barelyhuman/goblin
           subject-digest: ${{ steps.push.outputs.digest }}
           push-to-registry: true
