From a617cc8bbd66c0040ce90f4735cd5b4bf4a85475 Mon Sep 17 00:00:00 2001
From: jt-dd
Date: Wed, 28 Aug 2024 17:56:47 +0200
Subject: [PATCH 1/2] fix workflows RBAC
---
 .github/workflows/datadog-static-analysis.yml | 2 +-
 .github/workflows/system-test.yml | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index 26514b160..9dc91425e 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -4,7 +4,7 @@ on:
 push:
 permissions:
- contents: write
+ contents: write # write permission is needed to get access to the DD_API_KEY secrete - https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#accessing-your-secrets
 jobs:
 static-analysis:
diff --git a/.github/workflows/system-test.yml b/.github/workflows/system-test.yml
index ae8b80b7d..8087a73f5 100644
--- a/.github/workflows/system-test.yml
+++ b/.github/workflows/system-test.yml
@@ -6,6 +6,9 @@ on:
 - main
 pull_request:
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
 system-test:
 runs-on:
From 79218e05c7f67cd4339e85b2796560e3c93cfa4d Mon Sep 17 00:00:00 2001
From: jt-dd <112463504+jt-dd@users.noreply.github.com>
Date: Wed, 28 Aug 2024 18:35:34 +0200
Subject: [PATCH 2/2] Update .github/workflows/datadog-static-analysis.yml
Co-authored-by: Edouard Schweisguth
---
 .github/workflows/datadog-static-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index 9dc91425e..cb1cd270f 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
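Review bot: The comment added on `contents: write` in datadog-static-analysis.yml gives a justification that does not match how the `permissions` key works: it scopes only the automatically issued `GITHUB_TOKEN` and does not gate whether `${{ secrets.DD_API_KEY }}` is available to the job. As written, every `push` run keeps a token that can write to repository contents, and the comment will lead later readers to believe the scope cannot be reduced. Unless a step outside this hunk actually writes to the repository, the line should be `contents: read # to fetch code (actions/checkout)`, matching system-test.yml. The PATCH 2/2 hunk carries the same line forward with only the spelling of "secret" corrected.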
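Review bot: The inline comment on the new `permissions` block in system-test.yml explains why `contents: read` is listed but not the more important effect: once any scope is listed, every unlisted `GITHUB_TOKEN` scope is set to `none` for all jobs in the file. I would say so in the comment, e.g. `contents: read # to fetch code (actions/checkout); all other token scopes are none`. The `system-test` job body is outside the hunk, so whether any step needs an additional scope cannot be confirmed from here.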
@@ -4,7 +4,7 @@ on:
 push:
 permissions:
- contents: write # write permission is needed to get access to the DD_API_KEY secrete - https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#accessing-your-secrets
+ contents: write # write permission is needed to get access to the DD_API_KEY secret - https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#accessing-your-secrets
 jobs:
 static-analysis: