Revert "BUILD-5580: Add missing id-token: write permissions for the Vault action and update the action to v3"

This reverts commit 1c285ade7a6638afc8d00893d9756b567fd9c60c.

.github/workflows/add_language.yml

@@ -14,15 +14,12 @@ on:
 
 jobs:
   add_language_to_rule:
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write # OIDC auth for Vault
-      contents: read # checkout
+    runs-on: ubuntu-latest    
 
     steps:
     - name: 'get secrets'
       id: secrets
-      uses: SonarSource/vault-action-wrapper@v3
+      uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
       with:
         secrets: |
           development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;

.github/workflows/create_new_rspec.yml

@@ -12,14 +12,11 @@ on:
 jobs:
   create_new_rule:
     runs-on: ubuntu-latest
-    permissions:
-      id-token: write # OIDC auth for Vault
-      contents: read # checkout
 
     steps:
     - name: 'get secrets'
       id: secrets
-      uses: SonarSource/vault-action-wrapper@v3
+      uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
       with:
         secrets: |
           development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;

.github/workflows/main.yml

@@ -9,13 +9,12 @@ jobs:
   build-and-deploy:
     runs-on: ubuntu-20.04
     permissions:
-      id-token: write # OIDC auth for Vault
       pull-requests: read # Get the list and metadata of open new-rule PRs
       contents: write # Get the contents of open new-rule PRs, the 'master'; write to 'gh-pages' branch
     steps:
       - name: 'get secrets'
         id: secrets
-        uses: SonarSource/vault-action-wrapper@v3
+        uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
         with:
           secrets: |
             development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;

.github/workflows/update_coverage.yml

@@ -5,17 +5,16 @@ on:
 
 jobs:
   update_coverage:
-    runs-on: ubuntu-latest
     permissions:
-      id-token: write # OIDC auth for Vault
-      contents: read # checkout
+      id-token: write
+    runs-on: ubuntu-latest
     env:
       TMP_BRANCH: temporary/coverage_update
 
     steps:
     - name: 'get secrets'
       id: secrets
-      uses: SonarSource/vault-action-wrapper@v3
+      uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
       with:
         secrets: |
           development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;

.github/workflows/update_quickfix_status.yml

@@ -1,6 +1,6 @@
 name: Update quick fix status
 
-on:
+on: 
   workflow_dispatch:
     inputs:
       rule:
@@ -26,13 +26,10 @@ jobs:
   update_quickfix_status:
     name: Update quick fix status
     runs-on: ubuntu-20.04
-    permissions:
-      id-token: write # OIDC auth for Vault
-      contents: read # checkout
     steps:
     - name: 'get secrets'
       id: secrets
-      uses: SonarSource/vault-action-wrapper@v3
+      uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
       with:
         secrets: |
           development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;