From ee428513e603381bb25bf9dfdea5edf615122c92 Mon Sep 17 00:00:00 2001
From: immutable-art <138187673+immutable-art@users.noreply.github.com>
Date: Wed, 30 Oct 2024 08:51:55 +1100
Subject: [PATCH] Add a security warning
---
 .github/workflows/publish.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 91ffe8e6..5048c222 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -10,8 +10,8 @@ jobs:
 name: Publish to NPM
 runs-on: ubuntu-latest
 permissions:
- id-token: write # Required for GitHub Attestation
- attestations: write # Required for GitHub Attestation
+ id-token: write # ! Required for GitHub Attestations, removing will create a Sev 0 incident !
+ attestations: write # ! Required for GitHub Attestations, removing will create a Sev 0 incident !
 steps:
 - name: Checkout
 uses: actions/checkout@v2
@@ -61,6 +61,7 @@ jobs:
 run: |
 rm -rf dist && yarn build
+ # ! Do NOT remove - this will cause a Sev 0 incident !
 - name: Generate SDK attestation
 uses: actions/attest-build-provenance@v1
 with:
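Review bot: The new comments on `id-token: write` and `attestations: write` in the first hunk (-10,8 +10,8) name the consequence of removal but not what each permission is for, so a maintainer pruning permissions has no way to judge the warning. I would keep the warning and add the reason, e.g. `id-token: write # Mints the OIDC token used to sign the attestation - do NOT remove (Sev 0)` and `attestations: write # Stores the generated attestation - do NOT remove (Sev 0)`. The comment added above the `Generate SDK attestation` step in the second hunk has the same gap. A comment is advisory only; if removal really is a Sev 0, a required-reviewer rule on this workflow file or a post-publish check that the attestation exists would enforce it, and neither is visible in this patch. The job definition starts outside the hunk.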
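Review bot: The warning added above `Generate SDK attestation` (second hunk, -61,6 +61,7) guards the step against deletion, but the step still references `actions/attest-build-provenance@v1`, a movable tag, inside a job that holds `id-token: write`. Pinning to a full commit SHA, `uses: actions/attest-build-provenance@<full-commit-sha> # v1`, keeps the code that produces the attestation fixed until someone reviews a bump; `actions/checkout@v2` in the first hunk's context lines has the same issue. The step's `with:` block continues past the end of the hunk.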