From 7b962a4eec913ba5bfbca5e7380d3e78374acc6a Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Fri, 1 Oct 2021 16:19:33 -0400 Subject: [PATCH] Use GitHub Actions token to authorize push This alleviates the need to store a personal access token in a secret. The GitHub Action worker is authorized to push packages due to the `packages: write` permission. --- .github/workflows/keyless-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/keyless-sign.yml b/.github/workflows/keyless-sign.yml index 5810336..94d6ec8 100644 --- a/.github/workflows/keyless-sign.yml +++ b/.github/workflows/keyless-sign.yml @@ -22,7 +22,7 @@ jobs: with: registry: ghcr.io username: ${{ github.repository_owner }} - password: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + password: ${{ github.token }} - name: Install Cosign uses: sigstore/cosign-installer@main - name: Build and Push container images