CI: update permissions on workflows which get external secrets (#104792) (#105792)

update permissions (cherry picked from commit e36d774d0c) Co-authored-by: Kevin Minehart <5140827+kminehart@users.noreply.github.com>
1 month ago · b6ab3b4a8d
parent 4e3bdbae71
commit b6ab3b4a8d
3 changed files with 4 additions and 2 deletions
--- a/.github/workflows/changelog.yml
+++ b/.github/workflows/changelog.yml
@ -63,6 +63,7 @@ jobs:
      DRY_RUN: ${{ inputs.dry_run }}
    runs-on: ubuntu-latest
    permissions:
+      id-token: write
      contents: write
      pull-requests: write
    steps:
--- a/.github/workflows/pr-patch-check-event.yml
+++ b/.github/workflows/pr-patch-check-event.yml
@ -20,6 +20,7 @@ permissions: {}
 jobs:
  dispatch-job:
    permissions:
+      id-token: write
      contents: read
      actions: write
    env:
--- a/.github/workflows/sync-mirror-event.yml
+++ b/.github/workflows/sync-mirror-event.yml
@ -10,14 +10,14 @@ on:
      - "v*.*.*"
      - "release-*"

-permissions:
-  id-token: write
+permissions: {}

 # This is run after the pull request has been merged, so we'll run against the target branch
 jobs:
  dispatch-job:
    runs-on: ubuntu-latest
    permissions:
+      id-token: write
      contents: read
      actions: write
    env: