Provide an interface to job level settings #152

Open
nrdxp opened this issue Mar 21, 2023 · 1 comment

nrdxp commented Mar 21, 2023

There are some settings that are impossible to set with this action. In particular we have a private AWS ECR docker registry that we log in to using the recommended OIDC method so that we can generate a short-lived CI-specific token.

Part of this process requires setting the `permissions: id-token: write` setting on the job, or the GH token will not have enough permission to accomplish its task. This leaves us in a situation where we either have to abandon the use of this plugin, or abandon the use of OIDC. As an ops professional, I would lean toward the former, but some of our developers would probably prefer to keep using this plugin, so I would just like to request that you offer some sort of interface to this.

If you want to scope it just to permissions that's fine, but I'd prefer something a bit more generic to set any other settings that a job might want, that are currently unsettable by this generator.

@arcaputo3

Although not well-documented, you could do this with

ThisBuild / githubWorkflowPermissions := Some(Permissions.Specify(Map(
  PermissionScope.IdToken -> PermissionValue.Write
)))

We needed to implement

ThisBuild / githubWorkflowPermissions := Some(Permissions.Specify(Map(
  PermissionScope.Packages -> PermissionValue.Write
)))

in order to build GitHub packages properly, as by default our tokens do not support this.
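
For reference, this is what the job-level setting discussed in this thread looks like in a hand-written workflow for OIDC login to ECR. It is an added example, not code from either commenter and not the plugin's generated output; the job name, account ID, role name and region are placeholders. GitHub sets every scope that is not listed under `permissions` to `none`, so a job that lists only `id-token: write` also loses read access to the repository contents.

```yaml
# Added illustration: hand-written workflow fragment, not generated by the plugin.
# Placeholders: workflow/job names, AWS account ID, role name, region.
name: ci
on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    # Job-level permissions. Listing any scope sets every unlisted scope to
    # "none", so contents: read is granted explicitly for the checkout step.
    permissions:
      id-token: write   # lets the job request an OIDC token from GitHub
      contents: read
    steps:
      - uses: actions/checkout@v4

      # Exchanges the GitHub OIDC token for short-lived AWS credentials.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: "arn:aws:iam::<ACCOUNT_ID>:role/<CI_ROLE_NAME>"
          aws-region: "<AWS_REGION>"

      # Logs Docker in to the private ECR registry using those credentials.
      - uses: aws-actions/amazon-ecr-login@v2
```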
