From 57a254deb5b321ef0128302e97a9580d1d26775d Mon Sep 17 00:00:00 2001 From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com> Date: Sun, 11 Feb 2024 04:53:21 +0000 Subject: [PATCH] docker: enable actions permission for trivy job to make runner green --- .github/workflows/docker.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 549ab2e5..3dc3ea98 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -60,7 +60,7 @@ jobs: ghcr.io:443 github.com:443 api.github.com:443 - pkg-containers.githubusercontent.com:443 + *.githubusercontent.com docker.io:443 auth.docker.io:443 index.docker.io:443 @@ -208,7 +208,7 @@ jobs: github.com:443 api.github.com:443 docker.io:443 - pkg-containers.githubusercontent.com:443 + *.githubusercontent.com auth.docker.io:443 registry-1.docker.io:443 production.cloudflare.docker.com:443 @@ -331,7 +331,7 @@ jobs: permissions: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - #actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status with: scan-type: 'image' image-ref: '${{ needs.publish.outputs.image }}:${{ needs.publish.outputs.version }}' @@ -344,7 +344,7 @@ jobs: permissions: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - #actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status with: scan-type: 'image' image-ref: '${{ needs.allinone.outputs.image }}:${{ needs.allinone.outputs.version }}'