From 72f4503baa7c8b59afec23548edd2c79d3cdba12 Mon Sep 17 00:00:00 2001 From: Louis Jacomet Date: Fri, 31 Mar 2023 18:14:13 +0200 Subject: [PATCH] Document requirements for GitHub Actions OIDC support Minor formatting improvements Signed-off-by: Louis Jacomet --- sigstore-gradle/README.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/sigstore-gradle/README.md b/sigstore-gradle/README.md index 0357f34e..4f00aca5 100644 --- a/sigstore-gradle/README.md +++ b/sigstore-gradle/README.md @@ -9,9 +9,9 @@ Signature format uses [Sigstore bundle](https://github.com/sigstore/cosign/pull/ ## Requirements -Java 11 (https://github.com/sigstore/sigstore-java requires Java 11) -Gradle 7.5 (Gradle 6 could be supported once https://github.com/jsonschema2dataclass/js2d-gradle/issues/401 is released) -Gradle configuration cache is supported. +* Java 11 (https://github.com/sigstore/sigstore-java requires Java 11) +* Gradle 7.5 (Gradle 6 could be supported once https://github.com/jsonschema2dataclass/js2d-gradle/issues/401 is released) +* Gradle configuration cache is supported. ## Minimal usage @@ -25,6 +25,18 @@ plugins { // and it would resort to Web Browser OIDC otherwise. ``` +### GitHub Actions OIDC support + +In order for the required environment variables to be available, the workflow requires the following permissions: + +```yaml +permissions: + id-token: write + contents: read +``` + +See [GitHub documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings) for details. + ## Full configuration ```kotlin
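Review bot: In the Requirements hunk (@@ -9,9 +9,9 @@), the third bullet, `* Gradle configuration cache is supported.`, states a supported feature rather than a requirement, and putting it in the same list as the Java and Gradle versions makes that mismatch more visible. Consider moving it out of the list into its own sentence below. If Java 11 and Gradle 7.5 are minimum versions, say so (for example "Java 11 or later") so readers do not take them as exact pins.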
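Review bot: In the new "GitHub Actions OIDC support" section (@@ -25,6 +25,18 @@), the sentence "In order for the required environment variables to be available" never names the variables, and the `permissions:` snippet does not say at which level it belongs. Suggest naming the variables the plugin reads, so a failed lookup can be diagnosed from the job environment, and recommending that `id-token: write` be declared on the job that signs rather than at workflow level, so the other jobs in the workflow cannot request an OIDC token. One more sentence could explain why `contents: read` is listed: declaring `permissions` sets every scope not listed to none, and the checkout step needs read access to the repository.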