mirror of
https://github.com/goreleaser/goreleaser.git
synced 2025-01-18 03:56:52 +02:00
46b3d88ae5
## What is this? Just adding documentation for using cosign with GitHub's OIDC in CI. ## Why? I spent 4 hours looking through goreleaser and GitHub's docs before I finally discovered I was missing the `id-token: write` permission in my workflow file. This PR serves to just include the `id-token: write` scope in the `CI -> (GH) actions` section of the docs to hopefully save other devs the trouble 🤣 ### Additional I also considered adding this to docs for the other CI providers, but I am not too familiar on the OIDC side of things; might be worth considering for the team? Cheers --- Been using goreleaser for one of my [oss projects](https://github.com/caffeine-addictt/waku) recently and it's been great! Just wanted to contribute something back, keep up the great work! :> Signed-off-by: AlexNg <contact@ngjx.org>