
Commit 265b10c

committed
add required permissions and environment
1 parent dbd71ab commit 265b10c


2 files changed

+8
-7
lines changed


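--- a/.github/workflows/github-release.yml
+++ b/.github/workflows/github-release.yml
@@ -38,9 +38,9 @@ concurrency:
 run-name: ${{ inputs.node_tag || inputs.signer_tag }}
 
 jobs:
-## This job's sole purpose is trigger a secondary approval outside of the matrix jobs below.
+## This job's sole purpose is trigger a secondary approval outside of the matrix jobs below.
 ## - If this job isn't approved to run, then the subsequent jobs will also not run - for this reason, we always exit 0
-## - `andon-cord` requires the repo environment "Build Release", which will trigger a secondary approval step before running this workflow.
+## - `andon-cord` requires the repo environment "Build Release", which will trigger a secondary approval step before running this workflow.
 andon-cord:
 if: |
 inputs.node_tag != '' ||
@@ -135,11 +135,14 @@ jobs:
 inputs.signer_tag != ''
 name: Docker Image (Binary)
 runs-on: ubuntu-latest
+environment: "Push to Docker"
+permissions:
+id-token: write
+attestations: write
 needs:
 - andon-cord
 - build-binaries
 - create-release
-environment: "Push to Docker"
 strategy:
 fail-fast: false
 ## Build a maximum of 2 images concurrently based on matrix.dist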
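Review bot: The new job-level `permissions:` block on the "Docker Image (Binary)" job names only `id-token: write` and `attestations: write`, and once a job declares `permissions` every scope it does not list drops to `none`. The job's steps lie outside this hunk, so this needs confirming against them: if any step checks out the repository or reads release assets with `GITHUB_TOKEN`, the block also needs `contents: read`. Scoping the two write permissions to this single job, behind the "Push to Docker" environment, keeps them narrow. A one-line comment above the block, for example `## id-token + attestations: presumably for build-provenance attestation (confirm)`, would record why they were added.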

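--- a/.github/workflows/image-build-source.yml
+++ b/.github/workflows/image-build-source.yml
@@ -77,8 +77,7 @@ jobs:
 id: attest_primary
 uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
 with:
-# subject-name: index.docker.io/${{ env.docker-org }}/${{ github.event.repository.name }}
-subject-name: |
+subject-name: |
 index.docker.io/${{env.docker-org}}/${{ github.event.repository.name }}
 subject-digest: ${{ steps.docker_build.outputs.digest }}
 push-to-registry: true
@@ -87,8 +86,7 @@ jobs:
 id: attest_secondary
 uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
 with:
-# subject-name: index.docker.io/${{ env.docker-org }}/${{ github.event.repository.name }}
-subject-name: |
+subject-name: |
 index.docker.io/${{env.docker-org}}/stacks-blockchain
 subject-digest: ${{ steps.docker_build.outputs.digest }}
 push-to-registry: true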
