Fix release workflow startup failure from insufficient permissions

The provenance job called the SLSA generator with contents: read, but the
generator's upload-assets job declares contents: write. A reusable
workflow's job permissions may not exceed the caller's, so GitHub failed
the run at startup. Grant contents: write; the upload-assets job is still
skipped at runtime since upload-assets is false.
Victor Zverovich 2026-06-09 07:40:36 +02:00
parent 2de684d52d
commit 87bb05d3b2

@ -87,7 +87,10 @@ jobs:
permissions:
actions: read
id-token: write
contents: read
# contents: write is required because the generator's (skipped)
# upload-assets job declares it, and a reusable workflow's job
# permissions may not exceed the caller's, or the run fails at startup.
contents: write
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
with:
base64-subjects: ${{ needs.build.outputs.hashes }}
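
Review bot: The justification in the new comment above `contents: write` depends on the generator's upload-assets job staying skipped, but the `with:` block visible here sets only `base64-subjects`. If `upload-assets` is not set further down, add `upload-assets: false` explicitly next to it, so the write scope granted to the called workflow does not become usable through a changed default or a later edit. Since the grant exists only to match what `generator_generic_slsa3.yml@v2.1.0` declares, the comment could also say to re-check the generator's declared permissions whenever that ref is bumped, and drop back to `contents: read` if a future version allows it.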