From f96d8ee8db39ec3705f4aa263abc94146303d431 Mon Sep 17 00:00:00 2001 From: Mario Apra Date: Fri, 10 Apr 2026 15:42:26 +0100 Subject: [PATCH] fix: remove artifact-metadata:write from reusable workflows MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reusable workflows cannot request permissions that callers don't grant — GitHub fails with a validation error. Removing artifact-metadata:write from the reusable workflows avoids breaking existing callers. The permission remains in the example files so callers can adopt it at their own pace. --- .github/workflows/docker-build-push-dockerhub.yaml | 1 - .github/workflows/docker-build-push-jfrog.yaml | 1 - .github/workflows/docker-promote-dockerhub.yaml | 6 ------ .github/workflows/docker-promote-jfrog.yaml | 6 ------ 4 files changed, 14 deletions(-) diff --git a/.github/workflows/docker-build-push-dockerhub.yaml b/.github/workflows/docker-build-push-dockerhub.yaml index 51940e6..e1bed3a 100644 --- a/.github/workflows/docker-build-push-dockerhub.yaml +++ b/.github/workflows/docker-build-push-dockerhub.yaml @@ -115,7 +115,6 @@ on: permissions: id-token: write attestations: write - artifact-metadata: write contents: read jobs: diff --git a/.github/workflows/docker-build-push-jfrog.yaml b/.github/workflows/docker-build-push-jfrog.yaml index 30ebd52..cf9392c 100644 --- a/.github/workflows/docker-build-push-jfrog.yaml +++ b/.github/workflows/docker-build-push-jfrog.yaml @@ -119,7 +119,6 @@ on: permissions: id-token: write attestations: write - artifact-metadata: write contents: read jobs: diff --git a/.github/workflows/docker-promote-dockerhub.yaml b/.github/workflows/docker-promote-dockerhub.yaml index 26f7657..b9693bf 100644 --- a/.github/workflows/docker-promote-dockerhub.yaml +++ b/.github/workflows/docker-promote-dockerhub.yaml @@ -33,12 +33,6 @@ on: description: "Docker Hub password" required: true -permissions: - id-token: write - attestations: write - artifact-metadata: write - contents: read - jobs: promote: name: Promote Docker image diff --git a/.github/workflows/docker-promote-jfrog.yaml b/.github/workflows/docker-promote-jfrog.yaml index c094fb0..a1708a1 100644 --- a/.github/workflows/docker-promote-jfrog.yaml +++ b/.github/workflows/docker-promote-jfrog.yaml @@ -40,12 +40,6 @@ on: required: false default: false -permissions: - id-token: write - attestations: write - artifact-metadata: write - contents: read - jobs: promote: name: Promote Docker image