From bd8fd7ca9f851a2030978a45e577048ec4f8baf2 Mon Sep 17 00:00:00 2001 From: Fraser Molyneux Date: Thu, 9 Nov 2023 21:31:19 +0000 Subject: [PATCH] Updating workflow permissions --- .github/workflows/codequality.yml | 1 - .github/workflows/feature-development.yml | 1 + .github/workflows/integration-tests.yml | 2 +- .github/workflows/pull-request-validation.yml | 1 + .github/workflows/release-to-production.yml | 1 + 5 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codequality.yml b/.github/workflows/codequality.yml index 5924de7e..01fdf70e 100644 --- a/.github/workflows/codequality.yml +++ b/.github/workflows/codequality.yml @@ -3,7 +3,6 @@ name: Code Quality on: push permissions: - id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout actions: read # Required by CodeQL security-events: write # Required by CodeQL diff --git a/.github/workflows/feature-development.yml b/.github/workflows/feature-development.yml index 73c8c2bd..6f5d29af 100644 --- a/.github/workflows/feature-development.yml +++ b/.github/workflows/feature-development.yml @@ -7,6 +7,7 @@ on: - "feature/*" permissions: + id-token: write # This is required for Az CLI Login contents: read # This is required for actions/checkout jobs: diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 25ee5369..e874f157 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -7,7 +7,7 @@ on: - "integration/*" permissions: - id-token: write # This is required for requesting the JWT + id-token: write # This is required for Az CLI Login contents: read # This is required for actions/checkout jobs: diff --git a/.github/workflows/pull-request-validation.yml b/.github/workflows/pull-request-validation.yml index 4d9b4b91..d904971b 100644 --- a/.github/workflows/pull-request-validation.yml +++ b/.github/workflows/pull-request-validation.yml @@ -7,6 +7,7 @@ on: - main permissions: + id-token: write # This is required for Az CLI Login contents: read # This is required for actions/checkout concurrency: # This is required to prevent multiple runs of the same workflow from running at the same time. diff --git a/.github/workflows/release-to-production.yml b/.github/workflows/release-to-production.yml index 5a3e9ebc..0d9c9dd7 100644 --- a/.github/workflows/release-to-production.yml +++ b/.github/workflows/release-to-production.yml @@ -9,6 +9,7 @@ on: - cron: "0 3 * * 3" # Every Wednesday at 3am permissions: + id-token: write # This is required for Az CLI Login contents: read # This is required for actions/checkout concurrency: # This is required to prevent multiple runs of the same workflow from running at the same time.