Workflows fix small issues and permission problems

GeoDerp · Dec 13, 2024 · 0486e22 · 0486e22
1 parent 64e36f2
commit 0486e22
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 19 deletions.
diff --git a/.github/workflows/docker-build-test.yaml b/.github/workflows/docker-build-test.yaml
@@ -53,7 +53,7 @@ jobs:
         run: docker run --rm --entrypoint '/usr/bin/pip3' ${{ steps.build.outputs.imageid }} freeze >> ./${{ matrix.platform.target_arch }}-requirements.txt
       # Check Docker image debian and python packages list for known vulnerabilities 
       - name: "Run scanner" 
-        uses: "geoderp/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.9.1@v0.0.1"
+        uses: "geoderp/osv-scanner-action/.github/workflows/[email protected]"
         with:
           download-artifact: "${{ matrix.platform.target_arch }}-packages"
           matrix-property: "-${{ matrix.platform.target_arch }}"
@@ -62,4 +62,6 @@ jobs:
             --lockfile=requirements.txt:./${{matrix.platform.target_arch }}-requirements.txt
             --recursive
             --skip-git
-            ./
+            ./
+        permissions:
+          security-events: write
diff --git a/.github/workflows/publish_docker.yaml b/.github/workflows/publish_docker.yaml
@@ -16,12 +16,7 @@ env:
 
 jobs:
   build:
-    runs-on: ubuntu-latest  
-    permissions:
-      contents: read
-      packages: write
-      attestations: write
-      id-token: write
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
@@ -110,11 +105,6 @@ jobs:
   osv-scan:
     needs:
       - build
-    permissions:
-      contents: read
-      packages: write
-      attestations: write
-      id-token: write
     strategy:
       fail-fast: false
       matrix:
@@ -134,16 +124,13 @@ jobs:
         --recursive
         --skip-git
         ./
+    permissions:
+      security-events: write
 
 # Merge platforms into images into a multi-platform image
   merge:
     if: always()
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      attestations: write
-      id-token: write
     needs:
       - osv-scan
       - build

diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml
@@ -19,6 +19,8 @@ jobs:
         --recursive
         --skip-git=true
         ./
+    permissions:
+      security-events: write
   build:
     runs-on: ${{ matrix.os }}
     needs:

diff --git a/.github/workflows/upload-package-to-pypi.yaml b/.github/workflows/upload-package-to-pypi.yaml
@@ -8,7 +8,7 @@ on:
 jobs:
   # Google OSV-Scanner  
   osv-scan:
-    uses: "google/osv-scanner-action/.github/workflows/[email protected]"
+    uses: "geoderp/osv-scanner-action/.github/workflows/[email protected]"
     with:
       scan-args: |-
         --recursive