Merge pull request #1676 from kubescape/fix/wf-permissions

fix
2026-03-03 02:00:27 +00:00 · 2024-04-30 16:29:32 +03:00 · 2024-04-30 16:28:19 +03:00 · 2024-04-30 16:25:48 +03:00 · 2024-04-30 16:23:30 +03:00 · 2024-04-30 16:19:40 +03:00
6 changed files with 9 additions and 9 deletions
--- a/.github/workflows/00-pr-scanner.yaml
+++ b/.github/workflows/00-pr-scanner.yaml
@@ -23,7 +23,6 @@ jobs:
    permissions:
      actions: read
      checks: read
-      contents: read
      deployments: read
      id-token: write
      issues: read
@@ -35,6 +34,7 @@ jobs:
      security-events: read
      statuses: read
      attestations: read
+      contents: write
    uses: ./.github/workflows/a-pr-scanner.yaml
    with:
      RELEASE: ""
@@ -48,7 +48,7 @@ jobs:
    permissions:
      actions: read
      checks: read
-      contents: read
+      contents: write
      deployments: read
      discussions: read
      id-token: write
--- a/.github/workflows/02-release.yaml
+++ b/.github/workflows/02-release.yaml
@@ -19,7 +19,6 @@ jobs:
    permissions:
      actions: read
      checks: read
-      contents: read
      deployments: read
      discussions: read
      id-token: write
@@ -30,6 +29,7 @@ jobs:
      repository-projects: read
      security-events: read
      statuses: read
+      contents: write
      attestations: write
    needs: [retag]
    uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml
@@ -68,7 +68,6 @@ jobs:
    permissions:
      actions: read
      checks: read
-      contents: read
      deployments: read
      discussions: read
      id-token: write
@@ -80,6 +79,7 @@ jobs:
      security-events: read
      statuses: read
      attestations: read
+      contents: write
    uses: ./.github/workflows/d-publish-image.yaml
    needs: [create-release, retag]
    with:
--- a/.github/workflows/b-binary-build-and-e2e-tests.yaml
+++ b/.github/workflows/b-binary-build-and-e2e-tests.yaml
@@ -164,7 +164,7 @@ jobs:

  build-http-image:
    permissions:
-      contents: read
+      contents: write
      id-token: write
      packages: write
      pull-requests: read
--- a/.github/workflows/build-image.yaml
+++ b/.github/workflows/build-image.yaml
@@ -23,7 +23,7 @@ jobs:
    permissions:
      id-token: write
      packages: write
-      contents: read
+      contents: write
      pull-requests: read
    uses: kubescape/workflows/.github/workflows/incluster-comp-pr-merged.yaml@main
    with:
--- a/.github/workflows/c-create-release.yaml
+++ b/.github/workflows/c-create-release.yaml
@@ -24,8 +24,8 @@ jobs:
      MAC_OS: macos-latest
      UBUNTU_OS: ubuntu-latest
      WINDOWS_OS: windows-latest
-    # permissions:
-    #   contents: write
+    permissions:
+      contents: write
    steps:
      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/download-artifact@v3.0.2
        id: download-artifact
--- a/.github/workflows/d-publish-image.yaml
+++ b/.github/workflows/d-publish-image.yaml
@@ -2,7 +2,7 @@ name: d-publish-image
 permissions:
  actions: read
  checks: read
-  contents: read
+  contents: write
  deployments: read
  discussions: read
  id-token: write
Author	SHA1	Message	Date
David Wertenteil	beb5a4d43e	Merge pull request #1676 from kubescape/fix/wf-permissions fix	2024-04-30 16:29:32 +03:00
David Wertenteil	77e21d5e94	fix Signed-off-by: David Wertenteil <dwertent@armosec.io>	2024-04-30 16:28:19 +03:00
David Wertenteil	3fd7bf40cc	Merge pull request #1675 from kubescape/fix/wf-permissions fix	2024-04-30 16:25:48 +03:00
David Wertenteil	18e0a227e1	fix Signed-off-by: David Wertenteil <dwertent@armosec.io>	2024-04-30 16:23:30 +03:00
David Wertenteil	060c17b480	Merge pull request #1674 from kubescape/fix/wf-permissions Permissions	2024-04-30 16:19:40 +03:00
David Wertenteil	e67a2e9d1c	permissions Signed-off-by: David Wertenteil <dwertent@armosec.io>	2024-04-30 15:59:19 +03:00