From 1f0efe145326c0886ba32791ffc9d70e12ae6107 Mon Sep 17 00:00:00 2001
From: Brian DeHamer
Date: Tue, 30 Apr 2024 13:01:30 -0700
Subject: [PATCH] add attestations as allowed permission
Signed-off-by: Brian DeHamer
---
 docs/checks.md | 2 +-
 rule_permissions.go | 1 +
 testdata/err/permissions_upper_case.out | 4 ++--
 testdata/examples/permissions.out | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/docs/checks.md b/docs/checks.md
index 4de3a9a4a..fc8c26109 100644
--- a/docs/checks.md
+++ b/docs/checks.md
@@ -2000,7 +2000,7 @@ test.yaml:4:14: "write" is invalid for permission for all the scopes. available | 4 | permissions: write | ^~~~~
-test.yaml:11:7: unknown permission scope "check". all available permission scopes are "actions", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
+test.yaml:11:7: unknown permission scope "check". all available permission scopes are "actions", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
 | 11 | check: write | ^~~~~~
diff --git a/rule_permissions.go b/rule_permissions.go
index 8a08c65fa..7fb6fcce8 100644
--- a/rule_permissions.go
+++ b/rule_permissions.go
@@ -2,6 +2,7 @@ package actionlint
 var allPermissionScopes = map[string]struct{}{
 "actions": {},
+ "attestations": {},
 "checks": {},
 "contents": {},
 "deployments": {},
diff --git a/testdata/err/permissions_upper_case.out b/testdata/err/permissions_upper_case.out
index 076e27fe5..8a1ba209c 100644
--- a/testdata/err/permissions_upper_case.out
+++ b/testdata/err/permissions_upper_case.out
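Review bot: The new `"attestations": {},` entry in `allPermissionScopes` is only exercised indirectly by the tests this patch touches: the changed `.out` files update the "all available permission scopes" listing in error messages, and no visible fixture shows a workflow with `attestations: write` passing without a diagnostic. A positive case (a `permissions:` block that sets `attestations: write` and expects no error) would pin the behaviour the commit is meant to enable; such a fixture may already exist outside this patch. Since the map appears to be a hand-maintained allow-list that has to follow GitHub's set of token permission scopes, a comment above it along the lines of `// Keep in sync with the permission scopes GitHub documents for GITHUB_TOKEN; a scope missing here is reported as unknown.` would help whoever adds the next scope. The map literal continues past the end of the hunk, so the remaining entries are not visible here.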
@@ -1,2 +1,2 @@
-test.yaml:4:3: unknown permission scope "ACTIONS". all available permission scopes are "actions", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
-test.yaml:5:3: unknown permission scope "CHECKS". all available permission scopes are "actions", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
+test.yaml:4:3: unknown permission scope "ACTIONS". all available permission scopes are "actions", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
+test.yaml:5:3: unknown permission scope "CHECKS". all available permission scopes are "actions", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
diff --git a/testdata/examples/permissions.out b/testdata/examples/permissions.out
index fb56d3d40..92a42f0be 100644
--- a/testdata/examples/permissions.out
+++ b/testdata/examples/permissions.out
@@ -1,3 +1,3 @@
 test.yaml:4:14: "write" is invalid for permission for all the scopes. available values are "read-all" and "write-all" [permissions]
-test.yaml:11:7: unknown permission scope "check". all available permission scopes are "actions", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
+test.yaml:11:7: unknown permission scope "check". all available permission scopes are "actions", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
 test.yaml:13:15: "readable" is invalid for permission of scope "issues". available values are "read", "write" or "none" [permissions]