docs: notes for matrix and required permissions#469
Conversation
| This action needs the following permissions: | ||
|
|
||
| ``` | ||
| contents: write # for sbom-action artifact uploads |
There was a problem hiding this comment.
I'm a bit confused by these YAML comments. It might help if there was a list of use case to required permissions. I suspect there are some permissions always needed, and some only needed for certain use cases.
There was a problem hiding this comment.
I'm open to suggestions how to make this more clear. There are 2 main things this does: create an SBOM and upload it as a workflow artifact (the first permission) and attach release assets (the second permission), a user only needs to set the permission for the thing they're doing, which the comments indicate.
There was a problem hiding this comment.
How does actions: read grant permissions to attach things to the release assets? Does it not need some write permissions for that?
There was a problem hiding this comment.
Updated -- is this more clear, @willmurphyscode ?
Signed-off-by: Keith Zantow <kzantow@gmail.com>
94b949f to
2e84037
Compare
A recent update to the GitHub actions toolkit had an impact on a couple aspects of workflow artifact usage, this PR updates the docs with information that should get anyone unblocked who has issues with these changes.
See: