Skip to content
This repository was archived by the owner on Jun 16, 2026. It is now read-only.

Commit 71731f2

Browse files
cybercystclaude
andcommitted
ci: grant id-token write permission for AWS OIDC
The Build and Release workflow's Configure AWS Credentials step assumes a role via OIDC (role-to-assume with no static keys), which requires the id-token: write permission. The workflow only granted contents: read, so the step would fail to obtain a web identity token. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent 2e7edb7 commit 71731f2

1 file changed

Lines changed: 1 addition & 0 deletions

File tree

.github/workflows/build-and-release.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ on:
77

88
permissions:
99
contents: read
10+
id-token: write
1011

1112
jobs:
1213
build-and-push:

0 commit comments

Comments
 (0)