diff --git a/.github/workflows/release-automation.yaml b/.github/workflows/release-automation.yaml index 1ab83738..e2d1c5c2 100644 --- a/.github/workflows/release-automation.yaml +++ b/.github/workflows/release-automation.yaml @@ -62,7 +62,7 @@ jobs: # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on. # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings id-token: write - contents: read # this is required for actions/checkout + contents: write # this is required for actions/checkout secrets: inherit with: ref_name: ${{ needs.get-latest-tag.outputs.tag }} diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml index e4cacc04..ef4469cf 100644 --- a/.github/workflows/release-please.yaml +++ b/.github/workflows/release-please.yaml @@ -6,14 +6,14 @@ on: name: release-please permissions: - contents: read + contents: write # Required for trigger-release-automation job pull-requests: write jobs: release-please: runs-on: ubuntu-latest permissions: - contents: read + contents: write pull-requests: write timeout-minutes: 2 outputs: @@ -25,4 +25,7 @@ jobs: name: Trigger release-automation.yaml if PR is merged needs: [release-please] if: ${{ needs.release-please.outputs.release_created == 'true' }} + permissions: + contents: write # Required for uploading release assets + id-token: write # Required for AWS OIDC authentication uses: ./.github/workflows/release-automation.yaml diff --git a/go.mod b/go.mod index 6bc14f88..8c8352fd 100644 --- a/go.mod +++ b/go.mod @@ -6,8 +6,8 @@ require ( github.com/aws/aws-sdk-go-v2 v1.39.0 github.com/containerd/cgroups v1.1.0 github.com/containerd/nerdctl/v2 v2.1.4 - github.com/docker/cli v28.4.0+incompatible - github.com/docker/docker v28.4.0+incompatible + github.com/docker/cli v28.5.1+incompatible + github.com/docker/docker v28.5.1+incompatible github.com/docker/go-connections v0.6.0 github.com/google/go-licenses v1.6.1-0.20230903011517-706b9c60edd4 github.com/lima-vm/lima v1.2.1 diff --git a/go.sum b/go.sum index 03f1c03f..c62eb3bb 100644 --- a/go.sum +++ b/go.sum @@ -86,10 +86,10 @@ github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v28.4.0+incompatible h1:RBcf3Kjw2pMtwui5V0DIMdyeab8glEw5QY0UUU4C9kY= -github.com/docker/cli v28.4.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/docker v28.4.0+incompatible h1:KVC7bz5zJY/4AZe/78BIvCnPsLaC9T/zh72xnlrTTOk= -github.com/docker/docker v28.4.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/cli v28.5.1+incompatible h1:ESutzBALAD6qyCLqbQSEf1a/U8Ybms5agw59yGVc+yY= +github.com/docker/cli v28.5.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/docker v28.5.1+incompatible h1:Bm8DchhSD2J6PsFzxC35TZo4TLGR2PdW/E69rU45NhM= +github.com/docker/docker v28.5.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=