From 7cc4926e6f36815497cff88ea5c24965ec4e7559 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C3=ADas=20Insaurralde?= Date: Fri, 13 Mar 2026 18:43:46 -0300 Subject: [PATCH] chore(ci): migrate github_release workflow to GitHub keyless auth MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Matías Insaurralde --- .github/workflows/github_release.yaml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/github_release.yaml b/.github/workflows/github_release.yaml index 648ee4ace..d2e65c738 100644 --- a/.github/workflows/github_release.yaml +++ b/.github/workflows/github_release.yaml @@ -6,16 +6,10 @@ on: tag: type: string required: true - secrets: - chainloop_token: - required: true -permissions: {} +permissions: read-all jobs: - # This reusable workflow inspects if the given workflow_name exists on Chainloop. If the Workflow does not exist - # it will create one with an empty contract ready for operators to be filled. Otherwise, if found, it will just - # be ignored and the process will continue. For this to work it's using a pre-created API Token release: name: Record release from GitHub runs-on: ubuntu-latest @@ -24,7 +18,6 @@ jobs: contents: write id-token: write # required for SLSA provenance - https://docs.chainloop.dev/guides/slsa/ env: - CHAINLOOP_TOKEN: ${{ secrets.chainloop_token }} CHAINLOOP_WORKFLOW_NAME: chainloop-vault-release CHAINLOOP_PROJECT: chainloop GH_TOKEN: ${{ github.token }}