From 9232042c55246d1a2384318361dbc865ea8b38db Mon Sep 17 00:00:00 2001 From: Jens L Date: Thu, 9 Nov 2023 19:15:13 +0100 Subject: [PATCH] ci: fix permissions for release pipeline to publish binaries (#7512) ci: fix permissions Signed-off-by: Jens Langhammer --- .github/workflows/ci-main.yml | 2 ++ .github/workflows/ci-outpost.yml | 1 + .github/workflows/release-next-branch.yml | 1 + .github/workflows/release-publish.yml | 5 +++++ .github/workflows/repo-stale.yml | 2 +- 5 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml index 311b8324c..b78500a2c 100644 --- a/.github/workflows/ci-main.yml +++ b/.github/workflows/ci-main.yml @@ -187,6 +187,7 @@ jobs: needs: ci-core-mark runs-on: ubuntu-latest permissions: + # Needed to upload contianer images to ghcr.io packages: write timeout-minutes: 120 steps: @@ -239,6 +240,7 @@ jobs: needs: ci-core-mark runs-on: ubuntu-latest permissions: + # Needed to upload contianer images to ghcr.io packages: write timeout-minutes: 120 steps: diff --git a/.github/workflows/ci-outpost.yml b/.github/workflows/ci-outpost.yml index 4b286d07f..ba0447798 100644 --- a/.github/workflows/ci-outpost.yml +++ b/.github/workflows/ci-outpost.yml @@ -67,6 +67,7 @@ jobs: - radius runs-on: ubuntu-latest permissions: + # Needed to upload contianer images to ghcr.io packages: write steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/release-next-branch.yml b/.github/workflows/release-next-branch.yml index 233398e95..57b672d28 100644 --- a/.github/workflows/release-next-branch.yml +++ b/.github/workflows/release-next-branch.yml @@ -6,6 +6,7 @@ on: workflow_dispatch: permissions: + # Needed to be able to push to the next branch contents: write jobs: diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml index 9ba260281..fe6233740 100644 --- a/.github/workflows/release-publish.yml +++ b/.github/workflows/release-publish.yml @@ -8,6 +8,7 @@ jobs: build-server: runs-on: ubuntu-latest permissions: + # Needed to upload contianer images to ghcr.io packages: write steps: - uses: actions/checkout@v4 @@ -55,6 +56,7 @@ jobs: build-outpost: runs-on: ubuntu-latest permissions: + # Needed to upload contianer images to ghcr.io packages: write strategy: fail-fast: false @@ -110,6 +112,9 @@ jobs: build-outpost-binary: timeout-minutes: 120 runs-on: ubuntu-latest + permissions: + # Needed to upload binaries to the release + contents: write strategy: fail-fast: false matrix: diff --git a/.github/workflows/repo-stale.yml b/.github/workflows/repo-stale.yml index d7b9b66b4..5aa4f609c 100644 --- a/.github/workflows/repo-stale.yml +++ b/.github/workflows/repo-stale.yml @@ -6,8 +6,8 @@ on: workflow_dispatch: permissions: + # Needed to update issues and PRs issues: write - pull-requests: write jobs: stale: