Skip to content

Commit

Permalink
Document requirements for GitHub Actions OIDC support
Browse files Browse the repository at this point in the history 
Minor formatting improvements

Signed-off-by: Louis Jacomet <louis@gradle.com>
  • Loading branch information
@ljacomet
ljacomet committed Mar 31, 2023
1 parent 6abe49b commit 72f4503
Showing 1 changed file with 15 additions and 3 deletions.
18 changes: 15 additions & 3 deletions sigstore-gradle/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,9 @@ Signature format uses [Sigstore bundle](https://github.com/sigstore/cosign/pull/

## Requirements

Java 11 (https://github.com/sigstore/sigstore-java requires Java 11)
Gradle 7.5 (Gradle 6 could be supported once https://github.com/jsonschema2dataclass/js2d-gradle/issues/401 is released)
Gradle configuration cache is supported.
* Java 11 (https://github.com/sigstore/sigstore-java requires Java 11)
* Gradle 7.5 (Gradle 6 could be supported once https://github.com/jsonschema2dataclass/js2d-gradle/issues/401 is released)
* Gradle configuration cache is supported.

## Minimal usage

Expand All @@ -25,6 +25,18 @@ plugins {
// and it would resort to Web Browser OIDC otherwise.
```

### GitHub Actions OIDC support

In order for the required environment variables to be available, the workflow requires the following permissions:

```yaml
permissions:
id-token: write
contents: read
```
See [GitHub documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings) for details.
## Full configuration
```kotlin
Expand Down

0 comments on commit 72f4503

Please sign in to comment.