5252 release : ${{ steps.set-version.outputs.release }}
5353 version : ${{ steps.set-version.outputs.version }}
5454
55+ permissions :
56+ id-token : write
57+ contents : read
58+
5559 steps :
5660 - name : " Checkout"
5761 uses : actions/checkout@v4
8791 uses : advanced-security/reusable-workflows/.github/workflows/container-security.yml@main
8892 needs : set-version
8993 secrets : inherit
94+ permissions :
95+ id-token : write
96+ contents : read
97+ packages : read # Read Container Registry
98+ security-events : write # Code Scanning
9099 with :
91100 version : ${{ needs.set-version.outputs.version }}
92101 container-file : ${{ inputs.container-file }}
@@ -98,6 +107,11 @@ jobs:
98107 needs : [ scan-image, set-version ]
99108 if : ${{ needs.set-version.outputs.release == 'true' }}
100109 secrets : inherit
110+ permissions :
111+ id-token : write
112+ contents : write # Upload SBOM to GitHub
113+ packages : write # Push to Container Registry
114+ attestations : write # Upload attestations
101115 with :
102116 version : ${{ needs.set-version.outputs.version }}
103117 container-file : ${{ inputs.container-file }}
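Review bot: The `permissions` block added to the scan job (new lines 94–98) grants `id-token: write` and `security-events: write` to a reusable workflow that is called by the mutable ref `@main` and also receives `secrets: inherit`, so whoever can move that branch controls the code that runs with this repository's OIDC identity and inherited secrets. Pin the call to a full commit SHA, e.g. `uses: advanced-security/reusable-workflows/.github/workflows/container-security.yml@<full-commit-sha>`. The same applies to the release job (new lines 110–114), which gains `contents: write`, `packages: write` and `attestations: write`; its `uses` line is outside the visible hunk, so confirm its ref as well. Separately, nothing visible justifies `id-token: write` on the first job (new line 56), where only the checkout step is shown and the rest of the steps are outside the hunk. Drop it there unless a later step requests an OIDC token, or add a trailing comment naming the step that needs it, as the other scopes have.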