Skip to content

Commit 2f518d9

Browse files
committed
More permissions
1 parent a56a156 commit 2f518d9

File tree

1 file changed

+8
-2
lines changed

1 file changed

+8
-2
lines changed

.github/workflows/build.yml

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ jobs:
3636
needs: [build]
3737
permissions:
3838
id-token: write
39-
contents: read
39+
contents: write
4040
steps:
4141
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
4242
- uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1
@@ -47,6 +47,7 @@ jobs:
4747
with:
4848
sonar-platform: none
4949
artifactory-reader-role: private-reader
50+
artifactory-deployer-role: qa-deployer
5051
- run: |
5152
poetry run black src/ tests/ --check
5253
poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d src/
@@ -99,7 +100,7 @@ jobs:
99100
needs: [build]
100101
permissions:
101102
id-token: write
102-
contents: read
103+
contents: write
103104
strategy:
104105
matrix:
105106
python-version: ["3.9.18", "3.9.6", "3.10.13", "3.11.7", "3.12.1", "3.13.2"]
@@ -114,13 +115,17 @@ jobs:
114115
sonar-platform: none
115116
python-version: ${{ matrix.python-version }}
116117
artifactory-reader-role: private-reader
118+
artifactory-deployer-role: qa-deployer
117119
- run: |
118120
poetry run pytest tests/
119121
120122
qa-windows:
121123
name: "Test Windows"
122124
runs-on: github-windows-latest-s
123125
needs: [build]
126+
permissions:
127+
id-token: write
128+
contents: write
124129
steps:
125130
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
126131
- uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1
@@ -130,6 +135,7 @@ jobs:
130135
with:
131136
sonar-platform: none
132137
artifactory-reader-role: private-reader
138+
artifactory-deployer-role: qa-deployer
133139
- run: |
134140
poetry run pytest tests/
135141

0 commit comments

Comments
 (0)