CI: update permissions on workflows which get external secrets (#104792) (#105788)

update permissions (cherry picked from commit e36d774d0c) Co-authored-by: Kevin Minehart <5140827+kminehart@users.noreply.github.com>
2025-05-21 13:55:57 -07:00
parent 126414404e
commit ffc957b64d
3 changed files with 4 additions and 2 deletions
@@ -63,6 +63,7 @@ jobs:
      DRY_RUN: ${{ inputs.dry_run }}
    runs-on: ubuntu-latest
    permissions:
+      id-token: write
      contents: write
      pull-requests: write
    steps:
@@ -20,6 +20,7 @@ permissions: {}
 jobs:
  dispatch-job:
    permissions:
+      id-token: write
      contents: read
      actions: write
    env:
@@ -10,14 +10,14 @@ on:
      - "v*.*.*"
      - "release-*"

-permissions:
-  id-token: write
+permissions: {}

 # This is run after the pull request has been merged, so we'll run against the target branch
 jobs:
  dispatch-job:
    runs-on: ubuntu-latest
    permissions:
+      id-token: write
      contents: read
      actions: write
    env: