Skip to content

Commit dd63e74

Browse files
v1vv1v
authored
ci: support provenance, store a different folder and use least-permissive access (#749)
1 parent 7c302f2 commit dd63e74

1 file changed

Lines changed: 8 additions & 4 deletions

File tree

.github/workflows/release.yml

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -12,13 +12,17 @@ env:
1212
DOCKER_IMAGE_NAME: observability/apm-lambda-extension
1313

1414
permissions:
15-
contents: write
16-
id-token: write
17-
pull-requests: read
15+
contents: read
1816

1917
jobs:
2018
build:
2119
runs-on: ubuntu-latest
20+
permissions:
21+
attestations: write
22+
artifact-metadata: write
23+
contents: write
24+
id-token: write
25+
pull-requests: read
2226
steps:
2327
- uses: actions/checkout@v6
2428
with:
@@ -65,7 +69,7 @@ jobs:
6569
if: always()
6670
with:
6771
name: aws
68-
path: ".aws*/**/*"
72+
path: ".aws-linux*/"
6973
retention-days: 5
7074

7175
- name: generate build provenance (binaries)

0 commit comments

Comments
 (0)