[llvm-branch-commits] [llvm] release/19.x: workflows: Fix permissions for release-sources job (#100750) (PR #102373)
via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Wed Aug 7 14:24:46 PDT 2024
https://github.com/llvmbot created https://github.com/llvm/llvm-project/pull/102373
Backport 82c2259aeb87f5cb418decfb6a1961287055e5d2
Requested by: @tstellar
>From d76aaed435edce7e07a760200b7e9aa7eb03b820 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Wed, 7 Aug 2024 14:19:22 -0700
Subject: [PATCH] workflows: Fix permissions for release-sources job (#100750)
For reusable workflows, the called workflow cannot upgrade it's
permissions, and since the default permission is none, we need to
explicitly declare 'contents: read' when calling the release-sources
workflow.
Fixes the error:
The workflow is requesting 'contents: read', but is only allowed
'contents: none'.
(cherry picked from commit 82c2259aeb87f5cb418decfb6a1961287055e5d2)
---
.github/workflows/release-tasks.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/release-tasks.yml b/.github/workflows/release-tasks.yml
index 7dd4c306671b74..deacc24f54e077 100644
--- a/.github/workflows/release-tasks.yml
+++ b/.github/workflows/release-tasks.yml
@@ -99,6 +99,7 @@ jobs:
release-sources:
name: Package Release Sources
permissions:
+ contents: read
id-token: write
attestations: write
needs:
More information about the llvm-branch-commits
mailing list