From e07071721f85c1bacaa13fb8a687e8fd2d0f6d7f Mon Sep 17 00:00:00 2001 From: George Mulhearn Date: Thu, 15 Aug 2024 13:48:01 +1000 Subject: [PATCH 1/5] try permissions in CI Signed-off-by: George Mulhearn --- .github/workflows/main.yml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a9baffc82f..f44733e366 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -146,9 +146,12 @@ jobs: # todo: move to indy-vdr repo build-docker-vdrproxy: + runs-on: ubuntu-20.04 + permissions: + content: read + packages: write needs: [ workflow-setup ] if: ${{ needs.workflow-setup.outputs.SKIP_CI != 'true' }} - runs-on: ubuntu-20.04 env: DOCKER_IMG_CACHED: ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_VDRPROXY }} BRANCH_NAME: ${{ needs.workflow-setup.outputs.BRANCH_NAME }} @@ -176,9 +179,12 @@ jobs: # builds and publishes main branch AATH backchannels build-docker-aath-backchannel: - needs: [ workflow-setup ] - if: ${{ needs.workflow-setup.outputs.IS_MAIN_BRANCH == 'true' }} runs-on: ubuntu-20.04 + permissions: + content: read + packages: write + needs: [ workflow-setup ] + # if: ${{ needs.workflow-setup.outputs.IS_MAIN_BRANCH == 'true' }} env: DOCKER_IMG_CACHED: ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_AATH }} BRANCH_NAME: ${{ needs.workflow-setup.outputs.BRANCH_NAME }} @@ -209,6 +215,9 @@ jobs: publish-docker-vdrproxy: runs-on: ubuntu-20.04 + permissions: + content: read + packages: write needs: [ workflow-setup, build-docker-vdrproxy ] if: ${{ needs.workflow-setup.outputs.SKIP_CI != 'true' }} env: 
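Review bot: `packages: write` on `build-docker-vdrproxy` is gated only by `SKIP_CI != 'true'`, so every ref that runs CI gets a token able to push to the package registry while it builds branch-supplied Docker content; the same holds for `publish-docker-vdrproxy` in the `@@ -215` hunk. If the build job only pulls a cached image, `packages: read` would be enough there, with write kept for publish jobs limited to main or release refs, as `publish-docker-aath-backchannel` already is. Whether the build job actually pushes cannot be seen here, because its steps lie outside the hunk. A job-level block also sets every unlisted scope to none, which is worth recording with a comment such as `# scopes not listed here are denied for this job`.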
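Review bot: Commenting out `if: ${{ needs.workflow-setup.outputs.IS_MAIN_BRANCH == 'true' }}` in the same hunk that grants `packages: write` lets the job described as "builds and publishes main branch AATH backchannels" run for any ref with a write-capable token. Patch 5/5 restores the guard, so the gap exists only in the intermediate commits; squashing the series before merge keeps that state out of history and away from any bisect or cherry-pick. If the guard has to be relaxed for a trial run, widening it is narrower than removing it, for example `if: ${{ needs.workflow-setup.outputs.IS_MAIN_BRANCH == 'true' || needs.workflow-setup.outputs.BRANCH_NAME == '<trial-branch>' }}`.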
@@ -237,6 +246,9 @@ jobs: # additional publish of the AATH backchannel image with tagged versions for tags publish-docker-aath-backchannel: runs-on: ubuntu-20.04 + permissions: + content: read + packages: write needs: [ workflow-setup, build-docker-aath-backchannel ] if: ${{ needs.workflow-setup.outputs.RELEASE == 'true' || needs.workflow-setup.outputs.PRERELEASE == 'true' }} env: From e98abe6c9b066889f5056c9343d4593348d5b79c Mon Sep 17 00:00:00 2001 From: George Mulhearn Date: Thu, 15 Aug 2024 13:50:01 +1000 Subject: [PATCH 2/5] typo Signed-off-by: George Mulhearn --- .github/workflows/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f44733e366..43d4bf5631 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -148,7 +148,7 @@ jobs: build-docker-vdrproxy: runs-on: ubuntu-20.04 permissions: - content: read + contents: read packages: write needs: [ workflow-setup ] if: ${{ needs.workflow-setup.outputs.SKIP_CI != 'true' }} @@ -181,7 +181,7 @@ jobs: build-docker-aath-backchannel: runs-on: ubuntu-20.04 permissions: - content: read + contents: read packages: write needs: [ workflow-setup ] # if: ${{ needs.workflow-setup.outputs.IS_MAIN_BRANCH == 'true' }} @@ -216,7 +216,7 @@ jobs: publish-docker-vdrproxy: runs-on: ubuntu-20.04 permissions: - content: read + contents: read packages: write needs: [ workflow-setup, build-docker-vdrproxy ] if: ${{ needs.workflow-setup.outputs.SKIP_CI != 'true' }} @@ -247,7 +247,7 @@ jobs: publish-docker-aath-backchannel: runs-on: ubuntu-20.04 permissions: - content: read + contents: read packages: write needs: [ workflow-setup, build-docker-aath-backchannel ] if: ${{ needs.workflow-setup.outputs.RELEASE == 'true' || needs.workflow-setup.outputs.PRERELEASE == 'true' }} From de671b34b4b277cbfcae6f13d2fbbcf133cf27f7 Mon Sep 17 00:00:00 2001 
From: George Mulhearn Date: Thu, 15 Aug 2024 13:58:54 +1000 Subject: [PATCH 3/5] change for the sake of it Signed-off-by: George Mulhearn --- aries/agents/aath-backchannel/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aries/agents/aath-backchannel/src/main.rs b/aries/agents/aath-backchannel/src/main.rs index d0fed19de4..db22215bde 100644 --- a/aries/agents/aath-backchannel/src/main.rs +++ b/aries/agents/aath-backchannel/src/main.rs @@ -141,7 +141,7 @@ async fn main() -> std::io::Result<()> { .service(web::scope("/didcomm").route("", web::post().to(didcomm::receive_message))) }) .keep_alive(std::time::Duration::from_secs(30)) - .client_request_timeout(std::time::Duration::from_secs(30)) + .client_request_timeout(std::time::Duration::from_secs(32)) .workers(1) .bind(format!("{}:{}", host, opts.port))? .run() From 3838549064c836a676d82bdaef99fb75a9dcf461 Mon Sep 17 00:00:00 2001 From: George Mulhearn Date: Thu, 15 Aug 2024 14:14:34 +1000 Subject: [PATCH 4/5] try global permissions Signed-off-by: George Mulhearn --- .github/workflows/main.yml | 4 ++++ aries/agents/aath-backchannel/src/main.rs | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 43d4bf5631..24d1849075 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -8,6 +8,10 @@ on: branches: - "**" +permissions: + contents: read + packages: write + env: DOCKER_BUILDKIT: 1 MAIN_BRANCH: main diff --git a/aries/agents/aath-backchannel/src/main.rs b/aries/agents/aath-backchannel/src/main.rs index db22215bde..8a70c3f2ae 100644 --- a/aries/agents/aath-backchannel/src/main.rs +++ b/aries/agents/aath-backchannel/src/main.rs 
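Review bot: The `client_request_timeout` argument is changed here (30 to 32), again in 4/5 (31) and back to 30 in 5/5, apparently only to make the image build run, so the series nets to no code change; a trigger that does not touch server code would avoid the churn. The value itself lacks a comment: assuming this is actix-web 4, it bounds how long a client may take to send the request head, and 30 s is well above the framework's 5 s default, which lengthens the window in which slow-header connections are held open on a server configured with `.workers(1)`. A line such as `// request-head timeout raised from the 5s default: <reason the test harness needs it>` above the call would record the intent. `main` starts and ends outside the hunk.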
@@ -141,7 +141,7 @@ async fn main() -> std::io::Result<()> { .service(web::scope("/didcomm").route("", web::post().to(didcomm::receive_message))) }) .keep_alive(std::time::Duration::from_secs(30)) - .client_request_timeout(std::time::Duration::from_secs(32)) + .client_request_timeout(std::time::Duration::from_secs(31)) .workers(1) .bind(format!("{}:{}", host, opts.port))? .run() From ed1c43d6aed7a708dfe336769c25a2c674809bbd Mon Sep 17 00:00:00 2001 From: George Mulhearn Date: Thu, 15 Aug 2024 14:38:53 +1000 Subject: [PATCH 5/5] revert and scope the permissions Signed-off-by: George Mulhearn --- .github/workflows/main.yml | 6 +----- aries/agents/aath-backchannel/src/main.rs | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 24d1849075..f95f1d1beb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -8,10 +8,6 @@ on: branches: - "**" -permissions: - contents: read - packages: write - env: DOCKER_BUILDKIT: 1 MAIN_BRANCH: main @@ -188,7 +184,7 @@ jobs: contents: read packages: write needs: [ workflow-setup ] - # if: ${{ needs.workflow-setup.outputs.IS_MAIN_BRANCH == 'true' }} + if: ${{ needs.workflow-setup.outputs.IS_MAIN_BRANCH == 'true' }} env: DOCKER_IMG_CACHED: ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_AATH }} BRANCH_NAME: ${{ needs.workflow-setup.outputs.BRANCH_NAME }} diff --git a/aries/agents/aath-backchannel/src/main.rs b/aries/agents/aath-backchannel/src/main.rs index 8a70c3f2ae..d0fed19de4 100644 --- a/aries/agents/aath-backchannel/src/main.rs +++ b/aries/agents/aath-backchannel/src/main.rs 
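Review bot: Removing the whole workflow-level `permissions` block in the `@@ -8,10 +8,6` hunk leaves every job without its own block on the repository or organisation default token scopes, which may be read-write. Dropping only `packages: write` and keeping `permissions:` with `contents: read` at the top would make read-only the default, while the four Docker jobs still override it through their job-level blocks. Any job that needs a further scope would then have to declare it explicitly; none of those jobs are visible in these hunks.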
@@ -141,7 +141,7 @@ async fn main() -> std::io::Result<()> { .service(web::scope("/didcomm").route("", web::post().to(didcomm::receive_message))) }) .keep_alive(std::time::Duration::from_secs(30)) - .client_request_timeout(std::time::Duration::from_secs(31)) + .client_request_timeout(std::time::Duration::from_secs(30)) .workers(1) .bind(format!("{}:{}", host, opts.port))? .run()