Missing Scope in GITHUB_ACTIONS Checks
satellite-no opened this issue · comments
Sean commented
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
Reports an error unknown permission scope "attestations"
which is incorrect.
Expected Behavior
Should validate like all other scopes.
Super-Linter version
v6.4.1
Relevant log output
### Failed Workflow:
.github/workflows/upload-deploy.yml:18:7: unknown permission scope "attestations". all available permission scopes are "actions", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
|
18 | attestations: read
| ^~~~~~~~~~~~~
------
### Following Workflow without attestations:
```text
Invalid workflow file: .github/workflows/upload-deploy.yml#L14
The workflow is not valid. .github/workflows/upload-deploy.yml (Line: 14, Col: 3): Error calling workflow 'org/repo/.github/workflows/lint-package-inspect.yml@b7547c86547eee07595a5f8cb0a9eed2737c7a2b'. The workflow is requesting 'attestations: read', but is only allowed 'attestations: none'.
### Steps To Reproduce
add below to `jobs` section.
```yaml
lint-package-inspect:
uses: ./.github/workflows/lint-package-inspect.yml
permissions:
actions: read
attestations: read
Anything else?
NA
Sean commented
Reference from upstream super-linter/super-linter#5601
Hugo van Kemenade commented