Commit 4752651
ci: grant contents write permission for SBOM release attachments (#7)
The Docker build workflow fails with "Resource not accessible by
integration" when attaching SBOMs to releases because the build job has
`contents: read` permission.
## Changes
- Changed `build` job's `permissions.contents` from `read` to `write` in
`.github/workflows/docker-build.yml`
```yaml
build:
runs-on: ubuntu-latest
permissions:
- contents: read
+ contents: write
packages: write
id-token: write
```
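Review bot: `contents: write` in the `permissions:` block of the `build` job applies to every step in that job, which already holds `packages: write` and `id-token: write`, while the write scope is only needed to attach SBOMs to a release on tag pushes. Consider keeping `build` at `contents: read` and moving the SBOM attachment into a separate job that runs only for tag pushes and carries `contents: write`, so the image build steps do not run with a token that can modify repository contents.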
This allows the workflow to attach SBOM artifacts to GitHub releases
when tags are pushed.
*This pull request was created as a result of the following prompt from
Copilot chat.*
> Update the workflow file .github/workflows/docker-build.yml in
repository bakerboy448/RedditModLog to fix the failing job that errors
with 'Resource not accessible by integration' when attaching SBOMs to a
release. The build job currently has permissions.contents: read which
prevents the workflow from attaching files to releases. Change the build
job's permissions.contents from 'read' to 'write' and make no other
changes. Create a new branch named fix/sbom-permissions, commit the
change with message 'ci: grant contents write permission so SBOMs can be
attached to releases', and open a pull request against the main branch
with the given title. Ensure the PR only modifies
.github/workflows/docker-build.yml and explain in the PR description why
the change is needed and how to verify it fixes the issue.
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: bakerboy448 <55419169+bakerboy448@users.noreply.github.com>
1 parent ab51d70 commit 4752651
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
30 | 30 | | |
31 | 31 | | |
32 | 32 | | |
33 | | - | |
| 33 | + | |
34 | 34 | | |
35 | 35 | | |
36 | 36 | | |
| |||