From 42228c4466dcc434df18d915ac1d0725798b22c7 Mon Sep 17 00:00:00 2001
From: sk593
Date: Tue, 6 Aug 2024 15:13:38 -0700
Subject: [PATCH] update permissions in workflow
Signed-off-by: sk593
---
 .github/workflows/publish-bicep.yaml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/publish-bicep.yaml b/.github/workflows/publish-bicep.yaml
index e775494f..cdf9b0d3 100644
--- a/.github/workflows/publish-bicep.yaml
+++ b/.github/workflows/publish-bicep.yaml
@@ -27,6 +27,10 @@ on:
 workflow_dispatch:
 inputs: {}
 
+permissions:
+ id-token: write
+ contents: read
+
 env:
 # bicep-types ACR url for uploading AWS Bicep types
 BICEP_TYPES_REGISTRY: 'biceptypes.azurecr.io'
@@ -82,21 +86,21 @@ jobs:
 path: ./artifacts/bicep
 if-no-files-found: error
 - name: 'Login via Azure CLI'
- if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
+ # if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
 uses: azure/login@v2
 with:
 client-id: ${{ secrets.BICEPTYPES_CLIENT_ID }}
 tenant-id: ${{ secrets.BICEPTYPES_TENANT_ID }}
 subscription-id: ${{ secrets.BICEPTYPES_SUBSCRIPTION_ID }}
 - name: Setup and verify bicep CLI
- if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
+ # if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
 run: |
 curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64
 chmod +x ./bicep
 sudo mv ./bicep /usr/local/bin/bicep
 bicep --version
 - name: Publish bicep types
- if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
+ # if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
 env:
 VERSION: ${{ env.REL_CHANNEL == 'edge' && 'latest' || env.REL_CHANNEL }}
 run: |
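Review bot: The `permissions:` block added in the `@@ -27,6 +27,10 @@` hunk sits at workflow level, so `id-token: write` is granted to every job and step in the file rather than only to the job that runs `azure/login`. The job definitions are outside this hunk, so this is hedged, but if any other job or third-party action runs here, it can also request an OIDC token for the federated Azure identity. Keeping `contents: read` at the top and moving `id-token: write` into a `permissions:` block on the publishing job would narrow that. A comment such as `# id-token: write is needed only for OIDC login in azure/login` would record why the write scope exists.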
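Review bot: Commenting out the three `if:` guards in the `@@ -82,21 +86,21 @@` hunk makes the Azure login, the bicep CLI download and the publish step run on every trigger of this workflow, not only when `CI_PUBLISH_LATEST` or `CI_PUBLISH_RELEASE` is `'true'`. Only `workflow_dispatch` is visible in the trigger list, so this is hedged, but if the workflow also runs on pull requests or ordinary pushes, those runs would now authenticate to Azure and attempt to publish to `biceptypes.azurecr.io`. If the guards were disabled for debugging, restore `if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}` on each step rather than leaving it as a comment, and the commit message should say why the conditions changed. The setup step, which now always runs, fetches `releases/latest` of bicep with no version pin or checksum and installs it with `sudo` in the job that holds the OIDC token, so pinning a release and verifying its digest is worth doing in the same change. The publish step's `run:` body continues past the end of the hunk.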