From f6205740c10effe5e18e4941d95f0894b65919fe Mon Sep 17 00:00:00 2001 From: Miguel Martinez Date: Sun, 15 Mar 2026 19:44:59 +0100 Subject: [PATCH] Revert "chore(ci): migrate release workflow to GitHub keyless auth" This reverts commit 381a8fa528fc1dbdf971982d65178783038a5b04. Signed-off-by: Miguel Martinez --- .github/workflows/release.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6a484ed0b..a47211769 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -6,7 +6,8 @@ on: - "v*.*.*" # https://github.com/ossf/scorecard/blob/7ed886f1bd917d19cb9d6ce6c10e80e81fa31c39/docs/checks.md#token-permissions -permissions: read-all +permissions: + contents: read jobs: release_gate: @@ -27,17 +28,22 @@ jobs: chainloop attestation init --workflow release-gate --project chainloop chainloop attestation push env: + CHAINLOOP_TOKEN: ${{ secrets.CHAINLOOP_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Mark attestation as failed if: ${{ failure() }} run: | chainloop attestation reset + env: + CHAINLOOP_TOKEN: ${{ secrets.CHAINLOOP_TOKEN }} - name: Mark attestation as cancelled if: ${{ cancelled() }} run: | chainloop attestation reset --trigger cancellation + env: + CHAINLOOP_TOKEN: ${{ secrets.CHAINLOOP_TOKEN }} test: uses: chainloop-dev/chainloop/.github/workflows/test.yml@d427768c0b07d50b485df0bcae87eb8ae8769e04 @@ -54,6 +60,7 @@ jobs: id-token: write # required for SLSA provenance attestations: write # required for SLSA provenance env: + CHAINLOOP_TOKEN: ${{ secrets.CHAINLOOP_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: