From 1ac6b2cea6d85a2924adc3a36bf1270404448ba0 Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Wed, 6 Apr 2022 17:00:03 -0400 Subject: [PATCH] update write permissions and log into ghcr.io Signed-off-by: Alex Goodman --- .github/scripts/apple-signing/setup-prod.sh | 9 +++++++++ .github/workflows/release.yaml | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/.github/scripts/apple-signing/setup-prod.sh b/.github/scripts/apple-signing/setup-prod.sh index 283a8673d4c..277831f73fb 100755 --- a/.github/scripts/apple-signing/setup-prod.sh +++ b/.github/scripts/apple-signing/setup-prod.sh @@ -21,6 +21,14 @@ fi if [ -z "$DOCKER_PASSWORD" ]; then exit_with_error "DOCKER_PASSWORD not set" fi + +if [ -z "$GHCR_USERNAME" ]; then + exit_with_error "GHCR_USERNAME not set" +fi + +if [ -z "$GHCR_PASSWORD" ]; then + exit_with_error "GHCR_PASSWORD not set" +fi set -u # setup_signing @@ -41,4 +49,5 @@ setup_signing() { commentary "log into docker -- required for publishing (since the default keychain has now been replaced)" echo "${DOCKER_PASSWORD}" | docker login docker.io -u "${DOCKER_USERNAME}" --password-stdin + echo "${GHCR_PASSWORD}" | docker login ghcr.io -u "${GHCR_USERNAME}" --password-stdin } diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c3f25376c2a..35f3ff80a6e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -94,6 +94,8 @@ jobs: needs: [quality-gate] # due to our code signing process, it's vital that we run our release steps on macOS runs-on: macos-latest + permissions: + packages: write steps: - uses: docker-practice/actions-setup-docker@v1 
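Review bot: In the second setup-prod.sh hunk the new `docker login ghcr.io` line has no visible failure handling, so a rejected token would only surface later as a failed push during publishing. Unless `set -e` is active earlier in the script (not visible here), consider `echo "${GHCR_PASSWORD}" | docker login ghcr.io -u "${GHCR_USERNAME}" --password-stdin || exit_with_error "ghcr.io login failed"`. The `commentary` line above it still says only "log into docker", although two registries are now logged into. The body of `setup_signing` begins outside the hunk.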
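Review bot: The job-level `permissions:` block added in the first release.yaml hunk applies to every step of the job, including the third-party `docker-practice/actions-setup-docker@v1` visible in the context, which is referenced by a mutable tag. Now that the job token can write packages, that action should be pinned to a full commit SHA, e.g. `- uses: docker-practice/actions-setup-docker@<full-commit-sha> # v1`. The block also deserves a comment such as `# only packages: write is granted; every other GITHUB_TOKEN scope is none for this job`, because declaring any permission drops the unlisted ones and a later step that needs, say, `contents: read` would fail without it. The job's step list continues outside the hunk.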
@@ -128,6 +130,8 @@ jobs:
 - name: Build & publish release artifacts
 run: make release
 env:
+ GHCR_USERNAME: ${{ github.actor }}
+ GHCR_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 DOCKER_USERNAME: ${{ secrets.TOOLBOX_DOCKER_USER }}
 DOCKER_PASSWORD: ${{ secrets.TOOLBOX_DOCKER_PASS }}
 # we use a different token than GITHUB_SECRETS to additionally allow updating the homebrew repos
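Review bot: `GHCR_PASSWORD` in this hunk is the job's own `GITHUB_TOKEN`, so its reach is set entirely by the `permissions:` block this commit adds to the job, and nothing here says so. A comment such as `# job GITHUB_TOKEN; scope is limited to packages: write by this job's permissions block` would keep the two from drifting apart. The token is also exported to the whole `make release` process tree rather than only to the `docker login` call. That looks unavoidable, since the login apparently has to run inside setup-prod.sh after the keychain is replaced, but it means every tool invoked by that target can read it. The `env:` map continues outside the hunk.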