From 55bd5bf4ce6fb31b8ea58fcaa6c7744f2491a25c Mon Sep 17 00:00:00 2001 From: Jorge Turrado Ferrero Date: Tue, 17 Dec 2024 18:33:25 +0100 Subject: [PATCH] fix: use right token permissions (#6430) Signed-off-by: Jorge Turrado --- .github/workflows/main-build.yml | 9 +++++++++ .github/workflows/template-smoke-tests.yml | 3 --- .github/workflows/template-trivy-scan.yml | 4 ---- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml index 2803a9073a5..3b5833ba31c 100644 --- a/.github/workflows/main-build.yml +++ b/.github/workflows/main-build.yml @@ -92,6 +92,9 @@ jobs: trivy-scan: needs: build + permissions: + contents: read + security-events: write uses: kedacore/keda/.github/workflows/template-trivy-scan.yml@main with: runs-on: ubuntu-latest @@ -102,6 +105,9 @@ jobs: trivy-scan-metrics-server: needs: build + permissions: + contents: read + security-events: write strategy: matrix: runner: [ARM64, ubuntu-latest] @@ -116,6 +122,9 @@ jobs: trivy-scan-keda: needs: build + permissions: + contents: read + security-events: write strategy: matrix: runner: [ARM64, ubuntu-latest] diff --git a/.github/workflows/template-smoke-tests.yml b/.github/workflows/template-smoke-tests.yml index a3f29146b72..07361c56ab1 100644 --- a/.github/workflows/template-smoke-tests.yml +++ b/.github/workflows/template-smoke-tests.yml @@ -13,9 +13,6 @@ on: required: true type: string -permissions: - contents: read - jobs: smoke-tests: name: Validate k8s-${{ inputs.kubernetesVersion }} diff --git a/.github/workflows/template-trivy-scan.yml b/.github/workflows/template-trivy-scan.yml index 5b26467d30f..69889ab7798 100644 --- a/.github/workflows/template-trivy-scan.yml +++ b/.github/workflows/template-trivy-scan.yml @@ -31,10 +31,6 @@ on: required: true type: boolean -permissions: - contents: read - security-events: write - jobs: trivy-scan: name: Trivy - ${{ inputs.runs-on }} - ${{ inputs.scan-type }} ${{ inputs.image-ref }}