From fb8c8bf0587ce04151f2a8335a930dd283ffb5dd Mon Sep 17 00:00:00 2001
From: Guillaume Lhermenier
Date: Sat, 22 Jun 2024 00:13:03 +0200
Subject: [PATCH] Fix permissions set on docker build/publish and align with main & release workflows
---
 .github/workflows/docker_build.yml | 1 -
 .github/workflows/docker_publish.yml | 3 +++
 .github/workflows/main.yml | 3 ---
 .github/workflows/release.yml | 3 ---
 4 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml
index c6b0d8ed3..2c4f513d5 100644
--- a/.github/workflows/docker_build.yml
+++ b/.github/workflows/docker_build.yml
@@ -12,7 +12,6 @@ on:
 permissions:
 contents: read
- packages: write
 jobs:
 build:
diff --git a/.github/workflows/docker_publish.yml b/.github/workflows/docker_publish.yml
index 90346a126..fe3418f7a 100644
--- a/.github/workflows/docker_publish.yml
+++ b/.github/workflows/docker_publish.yml
@@ -11,6 +11,9 @@ on:
 required: true
 type: string
+permissions:
+ packages: write
+
 jobs:
 deploy:
 continue-on-error: true
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index f3b967eba..2d372e5fb 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -51,7 +51,6 @@ jobs:
 needs: jar-build
 permissions:
 contents: read
- packages: write
 uses: ./.github/workflows/docker_build.yml
 secrets: inherit
 with:
@@ -61,8 +60,6 @@ jobs:
 docker-deploy:
 needs: [jar-build, docker-build]
 permissions:
- contents: read # To read secrets
- id-token: write # This is required for requesting the JWT
 packages: write
 uses: ./.github/workflows/docker_publish.yml
 secrets: inherit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 93e0f1701..1518f5f3c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -57,7 +57,6 @@ jobs:
 needs: release
 permissions:
 contents: read
- packages: write
 uses: ./.github/workflows/docker_build.yml
 secrets: inherit
 with:
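Review bot: The workflow-level `permissions:` block added to docker_publish.yml lists only `packages: write`, so every scope it does not name (including `contents` and `id-token`) becomes `none` for the `deploy` job. The job's steps are outside the hunk; if any of them checks out a private repository or requests an OIDC token, it will now fail, and because the job has `continue-on-error: true` a failed publish would not fail the run. The `docker-deploy` callers in main.yml and release.yml now grant the same single scope, so the called workflow cannot get more than that. I would record the intent above the block, e.g. `# Only packages: write is granted; every other token scope is none for this workflow`, and add `contents: read` only if a step really needs a checkout.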
@@ -67,8 +66,6 @@ jobs:
 docker-deploy:
 needs: [release, docker-build]
 permissions:
- contents: read # To read secrets
- id-token: write # This is required for requesting the JWT
 packages: write
 uses: ./.github/workflows/docker_publish.yml
 secrets: inherit