Add a security warning (#254)

immutable-art · web-flow · commit 37636f0b5829 · 2024-10-30T09:11:34.000+11:00
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -10,8 +10,8 @@ jobs:
     name: Publish to NPM
     runs-on: ubuntu-latest
     permissions:
-      id-token: write # Required for GitHub Attestation
-      attestations: write # Required for GitHub Attestation 
+      id-token: write # ! Required for GitHub Attestations, removing will create a Sev 0 incident !
+      attestations: write # ! Required for GitHub Attestations, removing will create a Sev 0 incident !
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -61,6 +61,7 @@ jobs:
         run: |
           rm -rf dist && yarn build
 
+      # ! Do NOT remove - this will cause a Sev 0 incident !
       - name: Generate SDK attestation
         uses: actions/attest-build-provenance@v1
         with:
