diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8d7eb00de..7956a4eeb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -77,8 +77,10 @@ jobs:
 - name: Prepare
 run: |
- platform=${{ matrix.platform }}
+ platform=${MATRIX_PLATFORM}
 echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+ env:
+ MATRIX_PLATFORM: ${{ matrix.platform }}
 - name: Set up QEMU
 uses: docker/setup-qemu-action@v3
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 20029b44c..b8f0e5e25 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -7,9 +7,6 @@ on:
 push:
 branches: [ "main" ]
-# Declare default permissions as read only.
-permissions: read-all
-
 jobs:
 analysis:
 name: Scorecards analysis
@@ -19,6 +16,18 @@ jobs:
 security-events: write
 # Used to receive a badge.
 id-token: write
+ # read permissions to all the other objects
+ actions: read
+ attestations: read
+ checks: read
+ contents: read
+ deployments: read
+ issues: read
+ discussions: read
+ packages: read
+ pages: read
+ pull-requests: read
+ statuses: read
 steps:
 - name: "Checkout code"
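Review bot: In the `Prepare` step the redirect target `$GITHUB_ENV` is still unquoted, and the value appended to it is not checked for line breaks, so the step relies on `matrix.platform` always being a single-line value. The matrix definition is outside the hunk, so that is presumably true but not visible here. Passing the expression through `env:` keeps it out of the shell text; to finish the hardening, quote both expansions: `platform="${MATRIX_PLATFORM}"` and `echo "PLATFORM_PAIR=${platform//\//-}" >> "$GITHUB_ENV"`. A comment above `env:` such as `# matrix value is passed via env, never expanded inline in run:, to avoid script injection` would keep a later edit from reverting the pattern.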
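Review bot: In scorecards.yml the job-level list now carries every grant for `analysis`, but the preceding hunk removes the workflow-level `permissions: read-all`, so the file no longer has a default. A job added later without its own `permissions:` key would get the repository's default GITHUB_TOKEN permissions, which may include write. Keeping a restrictive top-level default next to the job-level block, for example `permissions: {}` or the original `permissions: read-all`, closes that gap. The comment `# read permissions to all the other objects` would be more useful if it said which of these scopes the analysis actually reads, since the steps that would show it continue outside the hunk.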