give write perms

Native-Planet · Jan 29, 2025 · 980d4cc · 980d4cc
1 parent ccba0a6
commit 980d4cc
Showing 1 changed file with 20 additions and 6 deletions.
diff --git a/.github/workflows/slsa3-release.yaml b/.github/workflows/slsa3-release.yaml
@@ -170,7 +170,10 @@ jobs:
       base64-subjects: "${{ needs.backend-build.outputs.hashes }}"
 
   deploy:
-    permissions: write-all
+    permissions:
+      contents: write
+      actions: read
+      id-token: write
     needs: [args, backend-build, provenance]
     if: ${{ github.event.inputs.release_channel != 'nobuild' }}
     runs-on: ubuntu-latest
@@ -246,24 +249,35 @@ jobs:
           draft: false
           prerelease: ${{ contains(needs.args.outputs.channel, 'canary') }}
 
-      - name: Upload Release Assets
+      - name: Upload Release Asset AMD64
         if: ${{ github.event.inputs.release_channel == 'latest' && github.event.inputs.version_server == 'version.groundseg.app' }}
         uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./groundseg_*_${{ needs.args.outputs.bin-tag }}_${{ needs.args.outputs.channel }}
-          asset_name: groundseg_${{ matrix.arch }}_${{ needs.args.outputs.bin-tag }}_${{ needs.args.outputs.channel }}
+          asset_path: ./groundseg_amd64_${{ needs.args.outputs.channel }}_${{ needs.args.outputs.bin-tag }}
+          asset_name: groundseg_amd64_${{ needs.args.outputs.channel }}_${{ needs.args.outputs.bin-tag }}
           asset_content_type: application/octet-stream
-
+
+      - name: Upload Release Asset ARM64
+        if: ${{ github.event.inputs.release_channel == 'latest' && github.event.inputs.version_server == 'version.groundseg.app' }}
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./groundseg_arm64_${{ needs.args.outputs.channel }}_${{ needs.args.outputs.bin-tag }}
+          asset_name: groundseg_arm64_${{ needs.args.outputs.channel }}_${{ needs.args.outputs.bin-tag }}
+          asset_content_type: application/octet-stream
+
       - name: Upload Provenance to Release
         if: ${{ github.event.inputs.release_channel == 'latest' && github.event.inputs.version_server == 'version.groundseg.app' }}
         uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./provenance/*.jsonl
+          asset_path: ./provenance.jsonl
           asset_name: provenance.jsonl
           asset_content_type: application/json