docker: Grant enough permissions to sign images

author Remi Gacogne <remi.gacogne@powerdns.com>

Tue, 23 Sep 2025 14:19:53 +0000 (16:19 +0200)

committer Otto Moerbeek <otto.moerbeek@open-xchange.com>

Wed, 24 Sep 2025 08:14:52 +0000 (10:14 +0200)
author Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 23 Sep 2025 14:19:53 +0000 (16:19 +0200)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Wed, 24 Sep 2025 08:14:52 +0000 (10:14 +0200)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml

index e3b2ce194aef53a81d3583e98e4032a96a03b700..4fc5c4ea90c4138f81fa745030443f616f848ce4 100644 (file)
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -8,6 +8,9 @@ on:
  permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
    contents: read
    actions: read
+  # This is used to complete the identity challenge
+  # with sigstore/fulcio when running outside of PRs.
+  id-token: write
  
  jobs:
    call-build-image-recursor:
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Tue, 23 Sep 2025 14:19:53 +0000 (16:19 +0200)
committer	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Wed, 24 Sep 2025 08:14:52 +0000 (10:14 +0200)