Added missing permissions required for code-sign-windows (#32281)

For #32007.

Added missing attestation permission requirements.
Juan Fernandez 2025-08-25 17:08:36 -04:00 committed by GitHub
parent a2e53d6db4
commit 583c95c7b9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 22 additions and 6 deletions


@ -70,10 +70,11 @@ jobs:
needs: build
uses: ./.github/workflows/code-sign-windows.yml
permissions:
contents: read
id-token: write # required for attestations
attestations: write # required for attestations
with:
attest: "true"
attest: true
filename: fleetd-base.msi
upload_name: fleetd-base-msi
secrets:
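Review bot: `id-token: write` and `attestations: write` are granted on the calling job, so they apply to every job and step inside `code-sign-windows.yml`, including the steps that handle the signing secrets, not only to the attest step; the same grant is repeated at the other call sites in this commit. A called workflow can only narrow what its caller passes, so declaring the same scopes on the job inside `code-sign-windows.yml` that runs the attest step, e.g. `permissions: { contents: read, id-token: write, attestations: write }`, would cap the token there even if a future caller passes broader permissions. Whether that workflow already sets job-level permissions is not visible in these hunks.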


@ -98,7 +98,7 @@ jobs:
shell: cmd
- name: Attest binary
if: ${{ inputs.attest == 'true' }}
if: ${{ inputs.attest }}
continue-on-error: true
uses: actions/attest-build-provenance@619dbb2e03e0189af0c55118e7d3c5e129e99726 # v2.0
with:


@ -131,8 +131,12 @@ jobs:
code-sign-windows:
needs: desktop-windows
uses: ./.github/workflows/code-sign-windows.yml
permissions:
contents: read
id-token: write # required for code-sign-windows
attestations: write # required for code-sign-windows
with:
attest: "true"
attest: true
filename: fleet-desktop.exe
upload_name: fleet-desktop.exe
secrets:
@ -173,8 +177,12 @@ jobs:
code-sign-windows-arm64:
needs: desktop-windows-arm64
uses: ./.github/workflows/code-sign-windows.yml
permissions:
contents: read
id-token: write # required for code-sign-windows
attestations: write # required for code-sign-windows
with:
attest: "true"
attest: true
filename: fleet-desktop.exe
upload_name: fleet-desktop-arm64.exe
download_name: unsigned-windows-arm64
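Review bot: The trailing comments `# required for code-sign-windows` in both hunks of this file (and again in the last file of the commit) only name the callee, while the other callers use `# required for attestations`; neither wording says what each scope is actually used for. Suggested comments: `id-token: write # OIDC token that actions/attest-build-provenance exchanges for a signing certificate` and `attestations: write # lets the attest step store the attestation`. Using one wording at every call site makes a later least-privilege review of these blocks easier.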


@ -204,10 +204,11 @@ jobs:
needs: goreleaser-windows
uses: ./.github/workflows/code-sign-windows.yml
permissions:
contents: read
id-token: write # required for attestations
attestations: write # required for attestations
with:
attest: 'true'
attest: true
filename: orbit.exe
upload_name: orbit-windows
secrets:
@ -257,10 +258,11 @@ jobs:
needs: goreleaser-windows-arm64
uses: ./.github/workflows/code-sign-windows.yml
permissions:
contents: read
id-token: write # required for attestations
attestations: write # required for attestations
with:
attest: 'true'
attest: true
filename: orbit.exe
upload_name: orbit-windows-arm64
download_name: unsigned-windows-arm64


@ -214,7 +214,12 @@ jobs:
code-sign-windows:
needs: build-fleetd-base-msi
uses: ./.github/workflows/code-sign-windows.yml
permissions:
contents: read
id-token: write # required for code-sign-windows
attestations: write # required for code-sign-windows
with:
attest: true
filename: fleetd-base.msi
upload_name: fleetd-base-msi
secrets: