Skip to content

Commit 0142887

Browse files
martincostellomartincostello
committed
Test GitHub app permissions
Testing secrets and permissions for #868.
1 parent eec6bb9 commit 0142887

File tree

1 file changed

+17
-0
lines changed

1 file changed

+17
-0
lines changed

.github/workflows/ghcr-image-build-and-publish.yml

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -104,3 +104,20 @@ jobs:
104104
DIGEST: ${{ steps.push.outputs.digest }}
105105
TAGS: ${{ steps.meta.outputs.tags }}
106106
run: echo "${TAGS}" | xargs -I {} cosign sign --yes "{}@${DIGEST}"
107+
108+
test-permissions:
109+
runs-on: [ubuntu-latest]
110+
permissions:
111+
contents: read
112+
id-token: write
113+
steps:
114+
- name: Get GitHub token
115+
id: get-token
116+
uses: grafana/shared-workflows/actions/create-github-app-token@ae92934a14a48b94494dbc06d74a81d47fe08a40 # v0.2.2
117+
with:
118+
github_app: grafana-otel-bot
119+
permission_set: default
120+
- name: Show token permissions
121+
run: |
122+
echo "${{ steps.get-token.outputs.token }}" | gh auth login --with-token
123+
gh auth status

0 commit comments

Comments
 (0)