From d05f8466ef1920c224642726c5bcb16af25e5460 Mon Sep 17 00:00:00 2001 From: rrigato Date: Sun, 21 Apr 2024 08:42:21 -0500 Subject: [PATCH] correct permissions for pipeline --- .github/workflows/homepage_update.yml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/workflows/homepage_update.yml b/.github/workflows/homepage_update.yml index 556d3ae..f098100 100644 --- a/.github/workflows/homepage_update.yml +++ b/.github/workflows/homepage_update.yml @@ -6,6 +6,9 @@ on: jobs: deploy-website-source-files: + permissions: + contents: read + id-token: write runs-on: ubuntu-latest name: web source files to s3 defaults: @@ -25,6 +28,9 @@ jobs: - run: npm run build + - name: script-execution-permissions + run: chmod +x '../.github/scripts/homepage_source_files.sh' + - name: assume-github-actions-role uses: aws-actions/configure-aws-credentials@v4 with: @@ -32,25 +38,23 @@ jobs: aws-region: ${{vars.REGION_NAME}} role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID}}:role/${{secrets.PIPELINE_ROLE_NAME}} - - name: script-execution-permissions - run: chmod +x '../.github/scripts/homepage_source_files.sh' - - name: upload-webpack-artifacts shell: bash env: - AWS_ACCESS_KEY_ID: ${{secrets.PERSISTANT_STORAGE_ID}} AWS_DEFAULT_REGION: ${{vars.REGION_NAME}} - AWS_SECRET_ACCESS_KEY: ${{secrets.PERSISTANT_STORAGE_KEY}} run: '../.github/scripts/homepage_source_files.sh' publish-commit-artifact: - needs: deploy-website-source-files - runs-on: ubuntu-latest - name: favicon to s3 bucket env: ORCHESTRATION_SCRIPT: './.github/scripts/orchestrate_artifacts.sh' + needs: deploy-website-source-files + name: favicon to s3 bucket + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest steps: - name: checkout-current-branch
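Review bot: The `id-token: write` grant added to `deploy-website-source-files` is job-wide, so it also covers the `npm run build` step shown in the next hunk, which runs before the role is assumed. Only the `assume-github-actions-role` step needs the OIDC token, so consider moving install and build into a separate job with `permissions: contents: read` and passing the build output to the deploy job as an artifact. The role's trust policy is not part of this patch; confirm it conditions on `token.actions.githubusercontent.com:aud` and on a `token.actions.githubusercontent.com:sub` value restricted to this repository and branch. The same permissions block is added to `publish-commit-artifact` in the last hunk, and the job definition continues outside this hunk.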
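Review bot: `aws-actions/configure-aws-credentials@v4`, in the context lines of this hunk, is referenced by a movable tag, and after this commit the job runs it with `id-token: write`. Pinning it to a full commit SHA, `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4`, prevents a retagged release from running with the ability to assume the pipeline role. Separately, the relocated `script-execution-permissions` step could be dropped by committing the executable bit on the script or by invoking it as `run: bash '../.github/scripts/homepage_source_files.sh'`. The step list starts and ends outside the hunk.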
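Review bot: Removing `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from the `upload-webpack-artifacts` env stops the workflow from using the static key, but the key behind `secrets.PERSISTANT_STORAGE_ID` / `secrets.PERSISTANT_STORAGE_KEY` remains usable unless it has already been deactivated in IAM and the two repository secrets deleted. That cleanup happens outside the repository, so it is worth recording in the commit description or a follow-up task. In `publish-commit-artifact` the keys after `env` are now ordered `needs`, `name`, `permissions`, `runs-on`, while the first job uses `permissions`, `runs-on`, `name`; matching the two would make the permission blocks easier to audit side by side. The steps of `publish-commit-artifact` continue past the end of the hunk, so whether that job also assumes the role through OIDC cannot be checked here.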