Merge pull request #58 from CoReason-AI/fix-docker-permissions-ghcr-1739309188844099428 (#59)

gowthamrao · web-flow · commit cdf49a3248bc · 2026-01-12T23:40:34.000-05:00
Fix 403 Forbidden on GHCR push by adding attestations permissions
diff --git a/hooks/post_gen_project.py b/hooks/post_gen_project.py
@@ -25,7 +25,11 @@
     # Initialize git
     subprocess.run(["git", "init", "-b", "main"], check=True, shell=use_shell)
     subprocess.run(["git", "add", "."], check=True, shell=use_shell)
-    subprocess.run(["git", "commit", "-m", "Initial commit from cookiecutter"], check=True, shell=use_shell)
+    subprocess.run(
+        ["git", "commit", "-m", "Initial commit from cookiecutter"],
+        check=True,
+        shell=use_shell,
+    )
 
     # Install dependencies
     print("\nInstalling dependencies with Poetry...")
diff --git a/hooks/pre_gen_project.py b/hooks/pre_gen_project.py
@@ -11,11 +11,11 @@
 import re
 import sys
 
-MODULE_REGEX = r'^[_a-zA-Z][_a-zA-Z0-9]+$'
+MODULE_REGEX = r"^[_a-zA-Z][_a-zA-Z0-9]+$"
 
-module_name = '{{ cookiecutter.project_slug }}'
+module_name = "{{ cookiecutter.project_slug }}"
 
 if not re.match(MODULE_REGEX, module_name):
-    print(f'ERROR: The project slug ({module_name}) is not a valid Python module name.')
+    print(f"ERROR: The project slug ({module_name}) is not a valid Python module name.")
     print('Please do not use a "-" and ensure it starts with a letter or underscore.')
     sys.exit(1)
diff --git a/readme.md b/readme.md
@@ -1 +1 @@
-cookiecutter https://github.com/CoReason-AI/python_template --checkout main
+cookiecutter https://github.com/CoReason-AI/python_template --checkout main
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/ci-cd.yml b/{{cookiecutter.project_slug}}/.github/workflows/ci-cd.yml
@@ -130,4 +130,4 @@ jobs:
         with:
           user: __token__
           password: ${{ secrets.PYPI_API_TOKEN }}
-{% endraw %}
+{% endraw %}
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/docker.yml b/{{cookiecutter.project_slug}}/.github/workflows/docker.yml
@@ -10,6 +10,8 @@ on:
 permissions:
   contents: read
   packages: write
+  attestations: write
+  id-token: write
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -57,4 +59,4 @@ jobs:
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
-{% endraw %}
+{% endraw %}
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/publish.yml b/{{cookiecutter.project_slug}}/.github/workflows/publish.yml
@@ -42,4 +42,4 @@ jobs:
         # No 'user' or 'password' fields are needed here.
         # The action automatically uses the OIDC token from the
         # 'id-token: write' permission.
-{% endraw %}
+{% endraw %}

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-cookiecutter https://github.com/CoReason-AI/python_template --checkout main`
	`1`	`+cookiecutter https://github.com/CoReason-AI/python_template --checkout main`