More permissions

joke1196 · joke1196 · commit 2f518d9857da · 2025-10-21T10:42:08.000+02:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -36,7 +36,7 @@ jobs:
     needs: [build]
     permissions:
       id-token: write
-      contents: read
+      contents: write
     steps:
       - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1
@@ -47,6 +47,7 @@ jobs:
         with:
           sonar-platform: none                                 
           artifactory-reader-role: private-reader        
+          artifactory-deployer-role: qa-deployer
       - run: |
           poetry run black src/ tests/ --check
           poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d src/
@@ -99,7 +100,7 @@ jobs:
     needs: [build]
     permissions:
       id-token: write
-      contents: read
+      contents: write
     strategy:
       matrix:
         python-version: ["3.9.18", "3.9.6", "3.10.13", "3.11.7", "3.12.1", "3.13.2"]
@@ -114,13 +115,17 @@ jobs:
           sonar-platform: none                                 
           python-version: ${{ matrix.python-version }}
           artifactory-reader-role: private-reader        
+          artifactory-deployer-role: qa-deployer
       - run: |
           poetry run pytest tests/
 
   qa-windows:
     name: "Test Windows"
     runs-on: github-windows-latest-s
     needs: [build]
+    permissions:
+      id-token: write
+      contents: write
     steps:
       - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1
@@ -130,6 +135,7 @@ jobs:
         with:
           sonar-platform: none                                 
           artifactory-reader-role: private-reader        
+          artifactory-deployer-role: qa-deployer
       - run: |
           poetry run pytest tests/
 
