ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUILD-5580: Add missing id-token: write permissions for the Vault action and update the action to v3

Browse Source
This commit is contained in:
Mate Molnar 2024-07-08 14:58:38 +02:00 committed by GitHub
parent 8bfe3b7de1
commit 1c285ade7a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 20 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.github/workflows/add_language.yml vendored
View File

@ -14,12 +14,15 @@ on:
jobs:
add_language_to_rule:
runs-on: ubuntu-latest
runs-on: ubuntu-latest
permissions:
id-token: write # OIDC auth for Vault
contents: read # checkout
steps:
- name: 'get secrets'
id: secrets
uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
uses: SonarSource/vault-action-wrapper@v3
with:
secrets: |
development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;

5
.github/workflows/create_new_rspec.yml vendored
View File

@ -12,11 +12,14 @@ on:
jobs:
create_new_rule:
runs-on: ubuntu-latest
permissions:
id-token: write # OIDC auth for Vault
contents: read # checkout
steps:
- name: 'get secrets'
id: secrets
uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
uses: SonarSource/vault-action-wrapper@v3
with:
secrets: |
development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;

3
.github/workflows/main.yml vendored
View File

@ -9,12 +9,13 @@ jobs:
build-and-deploy:
runs-on: ubuntu-20.04
permissions:
id-token: write # OIDC auth for Vault
pull-requests: read # Get the list and metadata of open new-rule PRs
contents: write # Get the contents of open new-rule PRs, the 'master'; write to 'gh-pages' branch
steps:
- name: 'get secrets'
id: secrets
uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
uses: SonarSource/vault-action-wrapper@v3
with:
secrets: |
development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;

7
.github/workflows/update_coverage.yml vendored
View File

@ -5,16 +5,17 @@ on:
jobs:
update_coverage:
permissions:
id-token: write
runs-on: ubuntu-latest
permissions:
id-token: write # OIDC auth for Vault
contents: read # checkout
env:
TMP_BRANCH: temporary/coverage_update
steps:
- name: 'get secrets'
id: secrets
uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
uses: SonarSource/vault-action-wrapper@v3
with:
secrets: |
development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;

7
.github/workflows/update_quickfix_status.yml vendored
View File

@ -1,6 +1,6 @@
name: Update quick fix status
on:
on:
workflow_dispatch:
inputs:
rule:
@ -26,10 +26,13 @@ jobs:
update_quickfix_status:
name: Update quick fix status
runs-on: ubuntu-20.04
permissions:
id-token: write # OIDC auth for Vault
contents: read # checkout
steps:
- name: 'get secrets'
id: secrets
uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
uses: SonarSource/vault-action-wrapper@v3
with:
secrets: |
development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;