Closed woodruffw closed 3 weeks ago
First of all, thanks for this tool!
actionlint is currently flagging workflows that set the attestations permission, which was recently added: https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/. This should be allowed instead, since it's now a well-known permission.
actionlint
attestations
Here's an example CI failure caused by actionlint: https://github.com/Homebrew/homebrew-core/actions/runs/8992021433/job/24700868295?pr=171085
And the concrete error:
Run actionlint Error: .github/workflows/publish-commit-bottles.yml:247:7: unknown permission scope "attestations". all available permission scopes are "actions", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions] | 247 | attestations: write # for `generate build provenance` | ^~~~~~~~~~~~~ Error: Process completed with exit code 1.
Whoops, this was already fixed in https://github.com/rhysd/actionlint/commit/1f0efe145326c0886ba32791ffc9d70e12ae6107. Sorry for the noise!
First of all, thanks for this tool!
actionlint
is currently flagging workflows that set theattestations
permission, which was recently added: https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/. This should be allowed instead, since it's now a well-known permission.Here's an example CI failure caused by
actionlint
: https://github.com/Homebrew/homebrew-core/actions/runs/8992021433/job/24700868295?pr=171085And the concrete error: