Merge pull request #1671 from kubescape/fix/wf-permissions

update permissions
2026-03-02 17:50:26 +00:00 · 2024-04-30 10:28:22 +03:00 · 2024-04-30 10:27:23 +03:00 · 2024-04-30 10:23:48 +03:00 · 2024-04-30 10:21:35 +03:00
3 changed files with 8 additions and 1 deletions
--- a/.github/workflows/00-pr-scanner.yaml
+++ b/.github/workflows/00-pr-scanner.yaml
@@ -34,6 +34,7 @@ jobs:
      repository-projects: read
      security-events: read
      statuses: read
+      attestations: read
    uses: ./.github/workflows/a-pr-scanner.yaml
    with:
      RELEASE: ""
@@ -58,6 +59,7 @@ jobs:
      repository-projects: read
      security-events: read
      statuses: read
+      attestations: read
    uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml
    with:
      COMPONENT_NAME: kubescape
--- a/.github/workflows/02-release.yaml
+++ b/.github/workflows/02-release.yaml
@@ -30,6 +30,7 @@ jobs:
      repository-projects: read
      security-events: read
      statuses: read
+      attestations: write
    needs: [retag]
    uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml
    with:
@@ -55,6 +56,7 @@ jobs:
      repository-projects: read
      statuses: read
      security-events: read
+      attestations: read
    needs: [retag, binary-build]
    uses: ./.github/workflows/c-create-release.yaml
    with:
@@ -77,6 +79,7 @@ jobs:
      repository-projects: read
      security-events: read
      statuses: read
+      attestations: read
    uses: ./.github/workflows/d-publish-image.yaml
    needs: [create-release, retag]
    with:
@@ -86,3 +89,4 @@ jobs:
      support_platforms: true
      cosign: true
    secrets: inherit
+   
--- a/.github/workflows/b-binary-build-and-e2e-tests.yaml
+++ b/.github/workflows/b-binary-build-and-e2e-tests.yaml
@@ -75,7 +75,7 @@ jobs:
          SECRET_KEY: ${{ secrets.SECRET_KEY_PROD }}
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
-        run: "echo \"is-secret-set=${{ env.CUSTOMER != '' && \n                        env.USERNAME != '' &&\n                        env.PASSWORD != '' &&\n                        env.CLIENT_ID != '' &&\n                        env.SECRET_KEY != '' &&\n                        env.REGISTRY_USERNAME != '' &&\n                        env.REGISTRY_PASSWORD != ''\n                      }}\" >> $GITHUB_OUTPUT\n"
+        run: "echo \"is-secret-set=${{ env.CUSTOMER != '' && env.USERNAME != '' && env.PASSWORD != '' && env.CLIENT_ID != '' && env.SECRET_KEY != '' && env.REGISTRY_USERNAME != '' && env.REGISTRY_PASSWORD != '' }}\" >> $GITHUB_OUTPUT\n"

      - id: export_tests_to_env
        name: set test name
@@ -290,5 +290,6 @@ jobs:
        uses: mikepenz/action-junit-report@6e9933f4a97f4d2b99acef4d7b97924466037882 # ratchet:mikepenz/action-junit-report@v3.6.1
        if: always() # always run even if the previous step fails
        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
          report_paths: '**/results_xml_format/**.xml'
          commit: ${{github.event.workflow_run.head_sha}}
Author	SHA1	Message	Date
David Wertenteil	f39d4efd62	Merge pull request #1671 from kubescape/fix/wf-permissions update permissions	2024-04-30 10:28:22 +03:00
David Wertenteil	97ce466fbd	update permissions Signed-off-by: David Wertenteil <dwertent@armosec.io>	2024-04-30 10:27:23 +03:00
David Wertenteil	a94dc85e14	Merge pull request #1670 from kubescape/fix/wf-permissions Adding attestations to the permissions	2024-04-30 10:23:48 +03:00
David Wertenteil	7811b0a4a6	adding attestations to the permissions Signed-off-by: David Wertenteil <dwertent@armosec.io>	2024-04-30 10:21:35 +03:00