Skip to content
This repository was archived by the owner on Jun 16, 2026. It is now read-only.

Commit f14e261

Browse files
committed
moves permission fix before crane digest
1 parent c4b0208 commit f14e261

1 file changed

Lines changed: 10 additions & 5 deletions

File tree

.github/workflows/build-image.yml

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -99,6 +99,11 @@ jobs:
9999
env:
100100
IMAGE_DESTINATION_PATH: ${{ inputs.image-destination-path }}
101101

102+
- name: Fix workspace permissions
103+
run: |
104+
sudo chown -R $(id -u):$(id -g) $GITHUB_WORKSPACE || true
105+
continue-on-error: true
106+
102107
- name: Use crane to get the digest
103108
run: |
104109
docker run --rm \
@@ -109,11 +114,6 @@ jobs:
109114
env:
110115
IMAGE_DESTINATION_PATH: ${{ inputs.image-destination-path }}
111116

112-
- name: Fix workspace permissions
113-
run: |
114-
sudo chown -R $(id -u):$(id -g) $GITHUB_WORKSPACE || true
115-
continue-on-error: true
116-
117117
# Uploading the built Docker image as an artifact
118118
- name: Upload artifact
119119
uses: actions/upload-artifact@v4
@@ -227,6 +227,11 @@ jobs:
227227
args: devguard-scanner intoto stop --step=build --products=image-digest.txt --products=image-tag.txt --token=${{ secrets.devguard-token }} --apiUrl=${{ inputs.api-url }} --assetName=${{ inputs.asset-name }} --supplyChainId=${{ github.sha }} --generateSlsaProvenance --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }}
228228
continue-on-error: true
229229

230+
- name: Fix workspace permissions (after provenance)
231+
run: |
232+
sudo chown -R $(id -u):$(id -g) $GITHUB_WORKSPACE || true
233+
continue-on-error: true
234+
230235
- name: Upload SLSA Provenance
231236
uses: actions/upload-artifact@v4
232237
with:

0 commit comments

Comments
 (0)