diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index c689fbd14..0d06f5cf9 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -93,6 +93,7 @@ jobs: name: publish permissions: contents: write + id-token: write needs: - prerequisites - build_provider diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 02041e1bd..cea926858 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -54,6 +54,7 @@ jobs: name: publish permissions: contents: write + id-token: write needs: - prerequisites - build_provider diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 6db0bfbf7..2442cea59 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -76,7 +76,7 @@ jobs: - name: Unit-test provider code run: make test_provider - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@0da7aa657d958d32c117fc47e1f977e7524753c7 # v5.3.0 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - if: inputs.is_pr diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f0474c71f..d435590c5 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -208,6 +208,9 @@ jobs: verify_release: name: verify_release needs: publish_sdk + permissions: + contents: write + id-token: write uses: ./.github/workflows/verify-release.yml secrets: inherit with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 30cf916da..2129ebf31 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -60,6 +60,7 @@ jobs: permissions: contents: write pull-requests: write + id-token: write needs: - prerequisites - build_provider