From e0acfa98c7ba1e34a0acdbc4b1af69328c310531 Mon Sep 17 00:00:00 2001
From: Alex Goodman
Date: Wed, 2 Nov 2022 11:48:37 -0400
Subject: [PATCH] add s3 credentials to release (#1309)
Signed-off-by: Alex Goodman
Signed-off-by: Alex Goodman
---
 .github/workflows/release.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index ade2d4fede8..4199a850459 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -141,13 +141,19 @@ jobs:
 - name: Build & publish release artifacts
 run: make release
 env:
+ # for mac signing and notarization...
 QUILL_SIGN_P12: ${{ secrets.ANCHORE_APPLE_DEVELOPER_ID_CERT_CHAIN }}
 QUILL_SIGN_PASSWORD: ${{ secrets.ANCHORE_APPLE_DEVELOPER_ID_CERT_PASS }}
 QUILL_NOTARY_ISSUER: ${{ secrets.APPLE_NOTARY_ISSUER }}
 QUILL_NOTARY_KEY_ID: ${{ secrets.APPLE_NOTARY_KEY_ID }}
 QUILL_NOTARY_KEY: ${{ secrets.APPLE_NOTARY_KEY }}
+ # for creating the release (requires write access to packages and content)
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # for updating brew formula in anchore/homebrew-syft
 GITHUB_BREW_TOKEN: ${{ secrets.ANCHORE_GIT_READ_TOKEN }}
+ # for updating the VERSION file in S3...
+ AWS_ACCESS_KEY_ID: ${{ secrets.TOOLBOX_AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLBOX_AWS_SECRET_ACCESS_KEY }}
 - uses: anchore/sbom-action@v0
 continue-on-error: true
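Review bot: The two added `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` entries place long-lived static IAM keys in the same `make release` environment that already holds the Apple signing chain, the notary key and both GitHub tokens, so every tool that target invokes can read all of them at once. Since the keys are described only as being for the VERSION file in S3, consider moving that upload into its own step that receives just the AWS variables, and preferably replacing the static keys with a short-lived role obtained through GitHub OIDC (`permissions: id-token: write` on the job, then `aws-actions/configure-aws-credentials` with `role-to-assume`). Either way the IAM policy should presumably permit nothing beyond writing that single object, and a comment such as `# IAM policy: s3:PutObject on the VERSION object only` beside the keys would record the intended scope. The policy itself, the job's `permissions` block and the Makefile target lie outside this hunk, so none of this can be confirmed from here.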