From 974d2d435d27c6b71ec027117b2eaf9ee25a8a23 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 23 Feb 2026 19:35:52 +0100 Subject: [PATCH 1/2] ci: fix release workflow --- .github/workflows/release-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index b26da74f..d84120a0 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -18,6 +18,7 @@ jobs: uses: ./.github/workflows/wc-build-push-test.yml permissions: actions: read # is needed by anchore/sbom-action to find workflow artifacts when attaching release assets + artifact-metadata: write # is needed by actions/attest-build-provenance to write artifact metadata attestations: write # is needed by actions/attest-build-provenance to push attestations contents: write # is needed by anchore/sbom-action for artifact uploads id-token: write # is needed by actions/attest-build-provenance to obtain an OIDC token From 7a0f6e76c2d4fafe9dcc14bfc30e1c738724726d Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 23 Feb 2026 21:13:20 +0100 Subject: [PATCH 2/2] ci: fix flavor build workflow as well --- .github/workflows/release-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index d84120a0..48600189 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -43,6 +43,7 @@ jobs: TEST_GITHUB_TOTP_SECRET: ${{ secrets.TEST_GITHUB_TOTP_SECRET }} permissions: actions: read # is needed by anchore/sbom-action to find workflow artifacts when attaching release assets + artifact-metadata: write # is needed by actions/attest-build-provenance to write artifact metadata attestations: write # is needed by actions/attest-build-provenance to push attestations contents: write # is needed by anchore/sbom-action for artifact uploads id-token: write # is needed by actions/attest-build-provenance to obtain an OIDC token