Skip to content

Commit

Permalink
Update release workflow
Browse files Browse the repository at this point in the history
  • Loading branch information
@PKief
PKief committed Aug 10, 2024
1 parent 5f7cb0c commit 1959aa1
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@ on:
permissions:
id-token: write
contents: read
attestations: write

This comment has been minimized.

Sign in to view

Copy link
@okineadev

okineadev Aug 10, 2024

Member

Why did you delete it?

This comment has been minimized.

Sign in to view

Copy link
@okineadev

okineadev Aug 10, 2024

Member

@PKief

This comment has been minimized.

Sign in to view

Copy link
@PKief

PKief Aug 10, 2024

Author Member

I just added the permission to the job itself

This comment has been minimized.

Sign in to view

Copy link
@okineadev

okineadev Aug 11, 2024

Member

I just added the permission to the job itself

good.

This comment has been minimized.

Sign in to view

Copy link
@okineadev

okineadev Aug 11, 2024

Member

From the point of view of security, it will be better

jobs:
release:
Expand All @@ -27,6 +26,7 @@ jobs:
permissions:
contents: write
id-token: write
attestations: write

steps:
- name: Checkout 🛎️
Expand Down Expand Up @@ -64,7 +64,7 @@ jobs:
run: bunx @vscode/vsce package

- name: Attest artifacts ✅
uses: actions/attest@2da0b136720d14f01f4dbeeafd1d5a4d76cbe21d # v1.4.0
uses: actions/attest-build-provenance@310b0a4a3b0b78ef57ecda988ee04b132db73ef8 # v1.4.1
# Read: https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds
with:
subject-path: '${{ env.NAME }}-${{ env.VERSION }}.vsix'
Expand Down

0 comments on commit 1959aa1

Please sign in to comment.