From a23dd2a4ed009d406774bdefc9d5af98a82bbf14 Mon Sep 17 00:00:00 2001
From: Iain Sproat <68657+iainsproat@users.noreply.github.com>
Date: Tue, 7 Jan 2025 20:46:36 +0000
Subject: [PATCH 1/2] fix(github action): update permissions for Image digest update workflow
---
 .github/workflows/update-images.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/update-images.yml b/.github/workflows/update-images.yml
index 4b94d08d54..51f5242ac4 100644
--- a/.github/workflows/update-images.yml
+++ b/.github/workflows/update-images.yml
@@ -15,6 +15,7 @@ jobs:
 contents: write # to push the updates
 pull-requests: write # to open Pull requests
 id-token: write # used to sign the commits using gitsign
+ actions: write # we have at least one image referenced in another workflow, so need permissions to update actions & workflows
 steps:
 - uses: actions/checkout@v4
From 2cdc8da8064aeccd94e58e957dc37f659506ec90 Mon Sep 17 00:00:00 2001
From: Iain Sproat <68657+iainsproat@users.noreply.github.com>
Date: Tue, 7 Jan 2025 21:05:39 +0000
Subject: [PATCH 2/2] manually bump image in workflow because it's not possible to grant GITHUB_TOKEN workflow:write permissions
---
 .github/workflows/preview-service-acceptance.yml | 2 +-
 .github/workflows/update-images.yml | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/preview-service-acceptance.yml b/.github/workflows/preview-service-acceptance.yml
index 5c707144e2..aaea1b056c 100644
--- a/.github/workflows/preview-service-acceptance.yml
+++ b/.github/workflows/preview-service-acceptance.yml
@@ -69,7 +69,7 @@ jobs:
 services:
 postgres:
 # Docker Hub image
- image: postgres:16.4-bookworm@sha256:91f464e7ba0ad91a106c94cff079fb4384139291b8c0502fd36989cf2c788bbb
+ image: postgres:16.4-bookworm@sha256:e62fbf9d3e2b49816a32c400ed2dba83e3b361e6833e624024309c35d334b412
 env:
 POSTGRES_DB: preview_service_test
 POSTGRES_PASSWORD: preview_service_test
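Review bot: The added `actions: write` line in patch 1/2 does not grant what its comment claims: that scope covers the Actions API (for example cancelling or re-running workflow runs), whereas pushing changes to files under `.github/workflows` needs a separate workflow-file permission that `GITHUB_TOKEN` cannot be given, as the subject of patch 2/2 states. In a job that already holds `contents: write` and `id-token: write` the line only widens the token, so dropping it in 2/2 is right, and squashing the two patches would keep the broader grant out of history. Because the updater therefore cannot touch workflow files, the digest pinned in `preview-service-acceptance.yml` will only ever change by hand; a comment beside that `image:` line, such as `# digest is bumped manually; the update-images workflow cannot modify workflow files`, would record this. The `jobs:` block continues outside the hunk.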
diff --git a/.github/workflows/update-images.yml b/.github/workflows/update-images.yml
index 51f5242ac4..4b94d08d54 100644
--- a/.github/workflows/update-images.yml
+++ b/.github/workflows/update-images.yml
@@ -15,7 +15,6 @@ jobs:
 contents: write # to push the updates
 pull-requests: write # to open Pull requests
 id-token: write # used to sign the commits using gitsign
- actions: write # we have at least one image referenced in another workflow, so need permissions to update actions & workflows
 steps:
 - uses: actions/checkout@v4