Skip to content

ci: support provenance, store a different folder and use least-permissive access#749

Merged
v1v merged 1 commit intomainfrom
feature/support-provenance-permissions
Feb 11, 2026
Merged

ci: support provenance, store a different folder and use least-permissive access#749
v1v merged 1 commit intomainfrom
feature/support-provenance-permissions

Conversation

@v1v
Copy link
Member

@v1v v1v commented Feb 11, 2026

@v1v v1v requested a review from a team as a code owner February 11, 2026 10:22
@github-actions
Copy link
Contributor

github-actions bot commented Feb 11, 2026

🤖 GitHub comments

Just comment with:

  • run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

@github-actions github-actions bot added the aws-λ-extension AWS Lambda Extension label Feb 11, 2026
v1v
v1v commented Feb 11, 2026
View reviewed changes
.github/workflows/release.yml
contents: write
id-token: write
pull-requests: read
contents: read
Copy link
Member Author

@v1v v1v Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reviewer: default top-level permission. only checkout

v1v
v1v commented Feb 11, 2026
View reviewed changes
.github/workflows/release.yml
jobs:
build:
runs-on: ubuntu-latest
permissions:
Copy link
Member Author

@v1v v1v Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reviewer: job permissions, to follow the least-permissive access

v1v
v1v commented Feb 11, 2026
View reviewed changes
.github/workflows/release.yml
Comment on lines +21 to +22
attestations: write
artifact-metadata: write
Copy link
Member Author

@v1v v1v Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

required permissions for the provenance

v1v
v1v commented Feb 11, 2026
View reviewed changes
.github/workflows/release.yml
with:
name: aws
path: ".aws*/**/*"
path: ".aws-linux*/"
Copy link
Member Author

@v1v v1v Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reviewer: let's see if this will actually archive the lambda folder

@v1v v1v enabled auto-merge (squash) February 11, 2026 10:24
@v1v v1v self-assigned this Feb 11, 2026
@v1v v1v disabled auto-merge February 11, 2026 10:42
@v1v v1v merged commit dd63e74 into main Feb 11, 2026
15 checks passed
@v1v v1v deleted the feature/support-provenance-permissions branch February 11, 2026 10:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmathieu dmathieu dmathieu approved these changes

Assignees

@v1v v1v

Labels

aws-λ-extension AWS Lambda Extension

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@v1v @dmathieu