Elevate permissions in publish workflow (#401)

Better-HPC · Aug 28, 2024 · 9672c42 · 9672c42
1 parent 972c5dd
commit 9672c42
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/.github/workflows/Publish.yml b/.github/workflows/Publish.yml
@@ -13,6 +13,7 @@ jobs:
   publish-docker:
     runs-on: ubuntu-latest
     name: Docker Image
+    environment: publish
 
     steps:
       - name: Checkout source
@@ -61,7 +62,7 @@ jobs:
   publish-pypi:
     name: Python Distribution
     runs-on: ubuntu-latest
-    environment: pypi
+    environment: publish
 
     steps:
       - name: Set up Python
@@ -88,6 +89,8 @@ jobs:
   trigger-docs:
     name: Trigger Docs
     runs-on: ubuntu-latest
+    environment: publish
+
     steps:
       - name: Update docs
         uses: pitt-crc/keystone-docs/.github/actions/update-action/@main

diff --git a/.github/workflows/Release.yml b/.github/workflows/Release.yml
@@ -40,5 +40,7 @@ jobs:
     needs: [ version, test ]
     uses: ./.github/workflows/Publish.yml
     secrets: inherit
+    permissions:
+      id-token: write
     with:
       version: ${{needs.version.outputs.version}}