ci: add id-token permission and update the signing command (#5016)

2026-01-17 01:30:34 +00:00 · 2022-09-05 23:57:27 +03:00
parent 5dfa08174a
commit 0499d9c1c4
2 changed files with 7 additions and 1 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,6 +20,12 @@ jobs:
          GO_SEMVER: '~1.19.0'

    runs-on: ${{ matrix.os }}
+    # https://github.com/sigstore/cosign/issues/1258#issuecomment-1002251233
+    # https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
+    permissions:
+      id-token: write
+      # https://docs.github.com/en/rest/overview/permissions-required-for-github-apps#permission-on-contents
+      contents: read

    steps:
    - name: Install Go