ci: fix release pipeline (#1253)

* add pull-request permission to docs job * readd permission for micro-services step * run checkout action before building * allow crane to read packages
2024-10-01 01:36:09 -04:00 · 2023-02-27 10:49:52 +01:00 · 2023-02-27 10:49:52 +01:00 · 05823680f3
commit 05823680f3
parent 83bea18a4f
1 changed files with 11 additions and 1 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -62,6 +62,7 @@ jobs:
    needs: verify-inputs
    permissions:
      contents: write
+      pull-requests: write
    env:
      VERSION: ${{ inputs.version }}
      MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
@ -118,6 +119,9 @@ jobs:
    name: Build micro services
    runs-on: ubuntu-22.04
    needs: [verify-inputs, prepare-release-branch]
+    permissions:
+      contents: read
+      packages: write
    strategy:
      matrix:
        koTarget:
@ -169,6 +173,11 @@ jobs:
          - appName: libvirt
            dockerfile: ./cli/internal/libvirt/Dockerfile
    steps:
+      - name: Checkout
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        with:
+          ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
+
      - name: Build docker image
        uses: ./.github/actions/build_micro_service
        with:
@ -187,6 +196,7 @@ jobs:
    runs-on: ubuntu-22.04
    permissions:
      contents: write
+      packages: read
    env:
      VERSION: ${{ inputs.version }}
      WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
@ -261,7 +271,7 @@ jobs:

  update-hardcoded-measurements:
    name: Update hardcoded measurements (in the CLI)
-    needs: [verify-inputs]
+    needs: [verify-inputs, os-image]
    permissions:
      contents: write
    runs-on: ubuntu-22.04