Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Artifact attestation needs id-token: write permission in publishing-docker-images.md #32926

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Artifact attestation needs id-token: write permission in publishing-docker-images.md #32926

wants to merge 2 commits into from
+3 −0

Conversation

thawn
Copy link

@thawn thawn commented May 13, 2024
edited

Why:

Following the current version of the documentation (without the id-token: write permission) I am getting the following error message in the attest-build-provenance step: Failed to get ID token: Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable

the documentation of attest-build-provenance mentions that we also need the id-token: write permission.

Therefore, I suggest to add that to the documentation for publishing-docker-images.md

Closes:
#32933

What's being changed (if available, include any code snippets, screenshots, or gifs):

added id-token: write to the permissions: section of the example yml files.

Source Preview Production What Changed
actions/publishing-packages/publishing-docker-images.md fpt ghec ghes@ 3.12 3.11 3.10 3.9 fpt ghec ghes@ 3.12 3.11 3.10 3.9 added id-token: write to the permissions: section of the example yml code
packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md fpt ghec ghes@ 3.12 3.11 3.10 3.9 fpt ghec ghes@ 3.12 3.11 3.10 3.9 added id-token: write to the permissions: section of the example yml code

Check off the following:

  • I have reviewed my changes in staging, available via the View deployment link in this PR's timeline (this link will be available after opening the PR).

    • For content changes, you will also see an automatically generated comment with links directly to pages you've modified. The comment won't appear if your PR only edits files in the data directory.

  • For content changes, I have completed the self-review checklist.

@thawn
Artifact attestation needs id-token: write permission in publishing…
a2090be 
…-docker-images.md

Following the current version of the documentation (without the `id-token: write` permission) I am getting the following error message in the `attest-build-provenance` step: `Failed to get ID token: Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable`

[the documentation of attest-build-provenance](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds#generating-build-provenance-for-container-images) mentions that we also need the `id-token: write` permission.

Therefore, I suggest to add that to the documentation here
@welcome Welcome
Copy link

welcome bot commented May 13, 2024

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

@thawn thawn temporarily deployed to preview-env-32926 May 13, 2024 15:43 — with GitHub Actions Inactive
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label May 13, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 13, 2024
edited

Automatically generated comment ℹ️

This comment is automatically generated and will be overwritten every time changes are committed to this branch.

The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.

Content directory changes

You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.

Source Preview Production What Changed
actions/publishing-packages/publishing-docker-images.md fpt
ghec
ghes@ 3.12 3.11 3.10 3.9
fpt
ghec
ghes@ 3.12 3.11 3.10 3.9
packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md fpt
ghec
ghes@ 3.12 3.11 3.10 3.9
fpt
ghec
ghes@ 3.12 3.11 3.10 3.9
from reusable

fpt: Free, Pro, Team
ghec: GitHub Enterprise Cloud
ghes: GitHub Enterprise Server

@thawn thawn changed the title Artifact attestation needs id-token: write permission in publishing… Artifact attestation needs id-token: write permission in publishing-docker-images.md May 13, 2024
@nguyenalex836 nguyenalex836 added content This issue or pull request belongs to the Docs Content team actions This issue or pull request should be reviewed by the docs actions team packages This issue or pull request should be reviewed by the docs packages team waiting for review Issue/PR is waiting for a writer's review and removed triage Do not begin working on this issue until triaged by the team labels May 13, 2024
@nguyenalex836
Copy link
Contributor

@thawn Thanks so much for opening a PR! I'll get this triaged for review ✨

@nguyenalex836 nguyenalex836 linked an issue May 13, 2024 that may be closed by this pull request
following the instructions to publish a docker image causes an error in the attest-build-provenance step #32933
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team packages This issue or pull request should be reviewed by the docs packages team waiting for review Issue/PR is waiting for a writer's review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

following the instructions to publish a docker image causes an error in the attest-build-provenance step
2 participants
@thawn @nguyenalex836