Commit 8866351

Refactor permissions in workflow files: update permissions to write for contents, packages, and actions in main pipeline, docker, and deploy workflows.
1 parent 9555721 commit 8866351

3 files changed

+19
-15
lines changed

.github/workflows/deploy.yml

Lines changed: 0 additions & 4 deletions
@@ -26,10 +26,6 @@ jobs:
2626
name: Deploy to Kubernetes
2727
runs-on: ubuntu-latest
2828
environment: production
29-
permissions:
30-
contents: write
31-
actions: read
32-
3329
steps:
3430
- name: Checkout Repository
3531
uses: actions/checkout@v5
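
Review bot: Dropping the `permissions:` block at old lines 29-31 leaves the "Deploy to Kubernetes" job, which runs under `environment: production`, with no token scope declared in this file. As a called workflow it now receives whatever the caller job passes, and the caller in this commit passes `contents: write`, `packages: write` and `id-token: write`, which is more than the `contents: write` and `actions: read` this job had before. Keep a job-level block here so the production job caps its own token; if the steps after the visible `actions/checkout@v5` do not push to the repository, `contents: read` is enough.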

.github/workflows/docker.yml

Lines changed: 1 addition & 8 deletions
@@ -14,11 +14,6 @@ on:
1414
description: "Docker image tag"
1515
value: ${{ jobs.docker-build.outputs.image-tag }}
1616

17-
permissions:
18-
contents: write
19-
packages: write
20-
id-token: write
21-
2217
env:
2318
MONGO_URI: ${{ secrets.MONGO_URI }}
2419
MONGO_USERNAME: ${{ secrets.MONGO_USERNAME }}
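
Review bot: With the workflow-level `permissions:` block at old lines 17-20 removed, and the job-level one removed in the next hunk, docker.yml no longer declares any token scope and depends entirely on each caller to set one. A caller job that omits `permissions:` would run it with the repository default for `GITHUB_TOKEN`, which may be broader than the block removed here. Keep the top-level block as the ceiling for this file, and keep `id-token: write` in it only if a step actually requests an OIDC token.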
@@ -28,9 +23,7 @@ jobs:
2823
docker-build:
2924
name: Docker Build and Test
3025
runs-on: ubuntu-latest
31-
permissions:
32-
contents: read
33-
packages: write
26+
3427
outputs:
3528
image-tag: ${{ github.sha }}
3629
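
Review bot: The removed job-level block held `docker-build` to `contents: read` and `packages: write`; after this change the job inherits the caller's set, which the main pipeline now raises to `contents: write` plus `id-token: write`. Nothing visible in this hunk needs to write to the repository, so restore the job-level block with `contents: read`. The single added line (new line 26) is empty and sits where the block was; drop it, or check that it carries no trailing whitespace.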

.github/workflows/main-pipeline.yml

Lines changed: 18 additions & 3 deletions
@@ -1,5 +1,4 @@
11
name: Solar System - Main Pipeline
2-
32
on:
43
workflow_dispatch:
54
inputs:
@@ -36,15 +35,21 @@ jobs:
3635
if: ${{ !inputs.skip-tests }}
3736
uses: ./.github/workflows/ci.yml
3837
secrets: inherit
38+
permissions:
39+
contents: write
40+
packages: write
41+
id-token: write
42+
actions: read
3943

4044
docker:
4145
name: Build Docker Image
4246
if: ${{ !inputs.skip-docker && (success() || inputs.skip-tests) }}
4347
needs: [ci]
4448
permissions:
45-
contents: read
49+
contents: write
4650
packages: write
4751
id-token: write
52+
actions: read
4853
uses: ./.github/workflows/docker.yml
4954
secrets: inherit
5055
with:
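
Review bot: The `ci` job at new lines 38-42 is given `contents: write`, `packages: write` and `id-token: write` together with `secrets: inherit`, and the `docker` job's `contents` goes from `read` to `write` at new line 49, with no step visible here that needs to push commits or tags. The commit message describes this as a refactor, but it raises the token scope of both jobs. Grant each caller job only what its called workflow uses: `contents: read` for `ci` if ci.yml only checks out and tests, and `contents: read` on `docker` unless docker.yml pushes to the repository.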
@@ -56,6 +61,11 @@ jobs:
5661
needs: [docker]
5762
uses: ./.github/workflows/terraform.yml
5863
secrets: inherit
64+
permissions:
65+
contents: write
66+
packages: write
67+
id-token: write
68+
actions: read
5969
with:
6070
terraform-action: 'apply'
6171
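
Review bot: The `terraform` job at new lines 64-68 receives the same four-permission block as every other job, including `packages: write`, while the only inputs visible are `terraform-action: 'apply'` and `secrets: inherit`. `id-token: write` is plausible if terraform.yml authenticates to a cloud provider over OIDC, but `contents: write` and `packages: write` have no visible justification for an apply run. Trim the block to the permissions terraform.yml actually uses, and note in a comment which step needs each one.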

@@ -65,5 +75,10 @@ jobs:
6575
needs: [terraform, docker]
6676
uses: ./.github/workflows/deploy.yml
6777
secrets: inherit
78+
permissions:
79+
contents: write
80+
packages: write
81+
id-token: write
82+
actions: read
6883
with:
69-
image-tag: ${{ github.sha }}
84+
image-tag: ${{ github.sha }}
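
Review bot: The `deploy` job at new lines 78-82 now passes `packages: write` and `id-token: write` to deploy.yml, which before this commit limited itself to `contents: write` and `actions: read` and now declares nothing. Pass only what the deployment needs (if it only pulls the image from the package registry, `packages: read` is sufficient) and keep a matching limit in deploy.yml, so the production job is capped in both places. The `image-tag: ${{ github.sha }}` line is removed and re-added with identical visible text, so that change is whitespace or end-of-file newline only and could be split out of a permissions commit.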
