Skip to content

Commit

Permalink
fixup! github: use federated auth for Azure login
Browse files Browse the repository at this point in the history
One "funny" quirk of GitHub Actions is that some of their YAML
constructs that users _assume_ to be cumulative, are not. One example is
the `permissions` block: Most readers will assume that the following
YAML will combine `contents` and `id-token` permissions:

	permissions:
	  id-token: write

	jobs:
	  my-job:
	    permissions:
	      contents: write

However, that is not the case! The inner `permissions` block completely
negates the outer `permissions` block.

So let's just repeat ourselves to force GitHub Actions to understand
which permissions we need.

Signed-off-by: Johannes Schindelin <[email protected]>
  • Loading branch information
dscho committed Jul 2, 2024
1 parent 220ee02 commit 138aba7
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions .github/workflows/build-git-installers.yml
Original file line number Diff line number Diff line change
Expand Up @@ -666,6 +666,7 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write # required for Azure login via OIDC
needs:
- validate-installers
- create-linux-artifacts
Expand Down

0 comments on commit 138aba7

Please sign in to comment.