mirror of
https://github.com/grafana/tempo.git
synced 2025-03-14 03:06:42 +00:00
fa9b7ad5ad
Currently, the workflow is broken as the reusable workflow requires `id-token: write` _and_ `contents: read`, but since we have overridden the default permissions, we need to re-add `contents: read`. [Workflow error example](https://github.com/grafana/tempo/actions/runs/12400150268): > The workflow is not valid. .github/workflows/drone-signature-check.yml (Line: 17, Col: 3): Error calling workflow 'grafana/shared-workflows/.github/workflows/check-drone-signature.yaml@main'. The nested job 'check-drone-signature' is requesting 'contents: read', but is only allowed 'contents: none'.
24 lines
465 B
YAML
24 lines
465 B
YAML
name: Check Drone CI Signature
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- "main"
|
|
paths:
|
|
- ".drone/drone.yml"
|
|
pull_request:
|
|
paths:
|
|
- ".drone/drone.yml"
|
|
|
|
permissions:
|
|
id-token: write
|
|
contents: read
|
|
|
|
jobs:
|
|
drone-signature-check:
|
|
# only run in grafana/tempo.
|
|
if: github.repository == 'grafana/tempo'
|
|
uses: grafana/shared-workflows/.github/workflows/check-drone-signature.yaml@main
|
|
with:
|
|
drone_config_path: .drone/drone.yml
|