diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index 67ebc797..18c2f942 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -7,6 +7,10 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: +permissions: + contents: read + packages: write + jobs: publishDocker: environment: dockerhub diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 1167577d..e7614505 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -22,10 +22,6 @@ jobs: - name: Get dependencies run: | go get -v -t -d ./... - if [ -f Gopkg.toml ]; then - curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh - dep ensure - fi - name: Check the build shell: bash -l {0} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6e28af66..27daefcd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,18 +41,18 @@ jobs: man.md - name: Install cosign - uses: sigstore/cosign-installer@v3 + uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 - name: Cross compile run: | sudo apt-get install rhash -y - go install github.com/goreleaser/goreleaser/v2@latest + go install github.com/goreleaser/goreleaser/v2@v2.15.2 ./scripts/xcompile.sh - name: Sign checksums run: | - cosign sign-blob --yes --output-bundle build/checksums.bundle build/checksums - cosign sign-blob --yes --output-bundle build/checksums-bsd.bundle build/checksums-bsd + cosign sign-blob --yes --bundle build/checksums.bundle build/checksums + cosign sign-blob --yes --bundle build/checksums-bsd.bundle build/checksums-bsd - name: Release uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2.6.2 diff --git a/.github/workflows/snap-release.yml b/.github/workflows/snap-release.yml index 6b8d1969..b3cbe915 100644 --- a/.github/workflows/snap-release.yml +++ b/.github/workflows/snap-release.yml @@ -7,6 +7,9 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: +permissions: + contents: read + jobs: buildSnap: environment: snap