Update write permissions and log into ghcr.io for release (#942)

2026-02-12 02:26:42 +01:00 · 2022-04-06 17:15:55 -04:00 · 2022-04-06 17:15:55 -04:00 · e415bb21e7
commit e415bb21e7
parent 748cfbf006
2 changed files with 13 additions and 0 deletions
--- a/.github/scripts/apple-signing/setup-prod.sh
+++ b/.github/scripts/apple-signing/setup-prod.sh
@ -21,6 +21,14 @@ fi
 if [ -z "$DOCKER_PASSWORD" ]; then
  exit_with_error "DOCKER_PASSWORD not set"
 fi
+
+if [ -z "$GHCR_USERNAME" ]; then
+  exit_with_error "GHCR_USERNAME not set"
+fi
+
+if [ -z "$GHCR_PASSWORD" ]; then
+  exit_with_error "GHCR_PASSWORD not set"
+fi
 set -u

 # setup_signing
@ -41,4 +49,5 @@ setup_signing() {

  commentary "log into docker -- required for publishing (since the default keychain has now been replaced)"
  echo "${DOCKER_PASSWORD}" | docker login docker.io -u "${DOCKER_USERNAME}"  --password-stdin
+  echo "${GHCR_PASSWORD}" | docker login ghcr.io -u "${GHCR_USERNAME}"  --password-stdin
 }
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -94,6 +94,8 @@ jobs:
    needs: [quality-gate]
    # due to our code signing process, it's vital that we run our release steps on macOS
    runs-on: macos-latest
+    permissions:
+      packages: write
    steps:
      - uses: docker-practice/actions-setup-docker@v1

@ -128,6 +130,8 @@ jobs:
      - name: Build & publish release artifacts
        run: make release
        env:
+          GHCR_USERNAME: ${{ github.actor }}
+          GHCR_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
          DOCKER_USERNAME: ${{ secrets.TOOLBOX_DOCKER_USER }}
          DOCKER_PASSWORD: ${{ secrets.TOOLBOX_DOCKER_PASS }}
          # we use a different token than GITHUB_SECRETS to additionally allow updating the homebrew repos