add permissions for testing attestations

2026-02-19 03:14:51 -05:00 · 2026-02-10 17:30:46 -05:00
parent a4c57f038d
commit 0284bed175
6 changed files with 28 additions and 0 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -247,6 +247,8 @@ jobs:
      issues: read
      pull-requests: read
      id-token: write
+      attestations: write
+      artifact-metadata: write
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-macos
    with:
@@ -267,6 +269,8 @@ jobs:
      issues: read
      pull-requests: read
      id-token: write
+      attestations: write
+      artifact-metadata: write
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-macos
    with:
@@ -287,6 +291,8 @@ jobs:
      issues: read
      pull-requests: read
      id-token: write
+      attestations: write
+      artifact-metadata: write      
    uses: ./.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
    needs: checkout-linux
    if: ${{ needs.setup.outputs.src == 'true' }}
@@ -311,6 +317,8 @@ jobs:
      issues: read
      pull-requests: read
      id-token: write
+      attestations: write
+      artifact-metadata: write      
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-linux
    if: ${{ needs.setup.outputs.src == 'true' }}
@@ -334,6 +342,8 @@ jobs:
      issues: read
      pull-requests: read
      id-token: write
+      attestations: write
+      artifact-metadata: write      
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-linux
    if: ${{ needs.setup.outputs.src == 'true' }}
@@ -356,6 +366,8 @@ jobs:
      issues: read
      pull-requests: read
      id-token: write
+      attestations: write
+      artifact-metadata: write      
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-linux
    if: ${{ needs.setup.outputs.src == 'true' }}
@@ -378,6 +390,8 @@ jobs:
      issues: read
      pull-requests: read
      id-token: write
+      attestations: write
+      artifact-metadata: write      
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-windows
    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
@@ -398,6 +412,8 @@ jobs:
      issues: read
      pull-requests: read
      id-token: write
+      attestations: write
+      artifact-metadata: write      
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-windows
    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
@@ -418,6 +434,8 @@ jobs:
      issues: read
      pull-requests: read
      id-token: write
+      attestations: write
+      artifact-metadata: write      
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-windows
    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
--- a/.github/workflows/pipeline-electron-build-and-test-and-nan.yml
+++ b/.github/workflows/pipeline-electron-build-and-test-and-nan.yml
@@ -67,6 +67,8 @@ jobs:
    permissions:
      contents: read
      id-token: write
+      attestations: write
+      artifact-metadata: write
    with:
      build-runs-on: ${{ inputs.build-runs-on }}
      build-container: ${{ inputs.build-container }}
--- a/.github/workflows/pipeline-electron-build-and-test.yml
+++ b/.github/workflows/pipeline-electron-build-and-test.yml
@@ -72,6 +72,8 @@ jobs:
    permissions:
      contents: read
      id-token: write
+      attestations: write
+      artifact-metadata: write      
    with:
      build-runs-on: ${{ inputs.build-runs-on }}
      build-container: ${{ inputs.build-container }}
--- a/.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
+++ b/.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
@@ -76,6 +76,8 @@ jobs:
    permissions:
      contents: read
      id-token: write
+      attestations: write
+      artifact-metadata: write      
    with:
      build-runs-on: ${{ inputs.build-runs-on }}
      build-container: ${{ inputs.build-container }}
--- a/.github/workflows/pipeline-electron-build-and-tidy-and-test.yml
+++ b/.github/workflows/pipeline-electron-build-and-tidy-and-test.yml
@@ -81,6 +81,8 @@ jobs:
    permissions:
      contents: read
      id-token: write
+      attestations: write
+      artifact-metadata: write      
    with:
      build-runs-on: ${{ inputs.build-runs-on }}
      build-container: ${{ inputs.build-container }}
--- a/.github/workflows/pipeline-segment-electron-build.yml
+++ b/.github/workflows/pipeline-segment-electron-build.yml
@@ -91,6 +91,8 @@ jobs:
    permissions:
      contents: read
      id-token: write
+      attestations: write
+      artifact-metadata: write      
    container: ${{ fromJSON(inputs.build-container) }}
    environment: ${{ inputs.environment }}
    env: