From b0700559912f49ffeafd9a408a6a95a32a79c12f Mon Sep 17 00:00:00 2001 From: Josh Buker Date: Wed, 25 Sep 2024 12:07:29 -0700 Subject: [PATCH] Update README to include bit about permissions near the top Currently the info about permissions is below the fold, and I missed it when implementing the action for my own projects. Signed-off-by: Josh Buker --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index 5c615d72..1990d88e 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,17 @@ and upload a workflow artifact SBOM in SPDX format. It will also detect if being run during a [GitHub release](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases) and upload the SBOM as a release asset. +> [!IMPORTANT] +> To upload the SBOM to releases, you will need to give the action permission to read the artifact from the action, and write it to the release: +> ```yaml +> jobs: +> build: +> permissions: +> actions: read +> contents: write +> steps: +> ``` + ## Example Usage ### Scan a container image
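Review bot: In the added `[!IMPORTANT]` callout, the sentence "permission to read the artifact from the action, and write it to the release" does not say which of the two scopes in the snippet does what, so a reader cannot tell which one is safe to drop. Suggest naming them in the sentence: `actions: read` to read the workflow artifact, and `contents: write` to attach the SBOM to the release. Since `contents: write` is the broader grant and the callout says it is needed only "to upload the SBOM to releases", it would help to state that workflows which do not publish release assets can omit it, and to keep the block at job level as shown rather than at workflow level. The snippet also ends on a bare `steps:` with nothing under it; a placeholder comment there would make it clear the fragment is meant to be merged into an existing job and not copied as a complete one.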