Skip to content

Commit

Permalink
docs: notes for matrix and required permissions (#469)
Browse files Browse the repository at this point in the history
Signed-off-by: Keith Zantow <kzantow@gmail.com>
  • Loading branch information
kzantow authored May 28, 2024
1 parent 07e5b3a commit 2283abe
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,27 @@ use the `artifact-name` parameter:
artifact-name: sbom.spdx
```

> [!IMPORTANT]
> If using this action within a **matrix build**, you must specify a unique `artifact-name`
> based on matrix parameters or the artifact upload will fail due to duplicate names. See
> an [example here](.github/workflows/test.yml#L36).

## Permissions

This action needs the following permissions, depending on how it is being used:

```
contents: write # for sbom-action artifact uploads
```

If attaching release assets, the `actions: read` permission is also required.
This may be implicit for public repositories, but is likely to be necessary for
private repositories.

```
actions: read # to find workflow artifacts when attaching release assets
```
## Configuration
### anchore/sbom-action
Expand Down

0 comments on commit 2283abe

Please # to comment.