You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Secret TUF_ON_CI_TOKEN: this should be a sigstore-bot token with following permissions for sigstore/root-signing:
Actions: write to dispatch other workflows when needed
Contents: write to create online signing commits, and to create targets metadata change commits in signing events
Issues: write to create issues for workflow failures
Pull requests: write to create and modify signing event pull requests
There may already be a token but I'd like a new one to get the right name and to double check the permissions (they may not match exactly what the legacy systems needs).
Originally I was planning to also set two variables but that would only make sense if sigstore/github-sync would support them -- I will instead include them in the workflow in #1256
The text was updated successfully, but these errors were encountered:
for reference there is also an issue for using a GitHub App instead of a plain token sigstore/root-signing-staging#98 -- I plan to test that in staging but that's not done yet
As part of #1247 I'd like to define a GH secret.
Actions: write
to dispatch other workflows when neededContents: write
to create online signing commits, and to create targets metadata change commits in signing eventsIssues: write
to create issues for workflow failuresPull requests: write
to create and modify signing event pull requestsThere may already be a token but I'd like a new one to get the right name and to double check the permissions (they may not match exactly what the legacy systems needs).
Originally I was planning to also set two variables but that would only make sense if sigstore/github-sync would support them -- I will instead include them in the workflow in #1256
The text was updated successfully, but these errors were encountered: