ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "BUILD-5580: Add missing id-token: write permissions for the Vault action and update the action to v3"

Browse Source 
This reverts commit 1c285ade7a6638afc8d00893d9756b567fd9c60c.
This commit is contained in:
Mate Molnar 2024-07-16 15:24:42 +02:00
parent ac0dfabb00
commit 41422bc2cb
5 changed files with 9 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.github/workflows/add_language.yml vendored
View File

@ -14,15 +14,12 @@ on:
jobs: jobs:
add_language_to_rule: add_language_to_rule:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
id-token: write # OIDC auth for Vault
contents: read # checkout
steps: steps:
- name: 'get secrets' - name: 'get secrets'
id: secrets id: secrets
uses: SonarSource/vault-action-wrapper@v3 uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
with: with:
secrets: | secrets: |
development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN; development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;

5
.github/workflows/create_new_rspec.yml vendored
View File

@ -12,14 +12,11 @@ on:
jobs: jobs:
create_new_rule: create_new_rule:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
id-token: write # OIDC auth for Vault
contents: read # checkout
steps: steps:
- name: 'get secrets' - name: 'get secrets'
id: secrets id: secrets
uses: SonarSource/vault-action-wrapper@v3 uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
with: with:
secrets: | secrets: |
development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN; development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;

3
.github/workflows/main.yml vendored
View File

@ -9,13 +9,12 @@ jobs:
build-and-deploy: build-and-deploy:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
permissions: permissions:
id-token: write # OIDC auth for Vault
pull-requests: read # Get the list and metadata of open new-rule PRs pull-requests: read # Get the list and metadata of open new-rule PRs
contents: write # Get the contents of open new-rule PRs, the 'master'; write to 'gh-pages' branch contents: write # Get the contents of open new-rule PRs, the 'master'; write to 'gh-pages' branch
steps: steps:
- name: 'get secrets' - name: 'get secrets'
id: secrets id: secrets
uses: SonarSource/vault-action-wrapper@v3 uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
with: with:
secrets: | secrets: |
development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN; development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;

7
.github/workflows/update_coverage.yml vendored
View File

@ -5,17 +5,16 @@ on:
jobs: jobs:
update_coverage: update_coverage:
runs-on: ubuntu-latest
permissions: permissions:
id-token: write # OIDC auth for Vault id-token: write
contents: read # checkout runs-on: ubuntu-latest
env: env:
TMP_BRANCH: temporary/coverage_update TMP_BRANCH: temporary/coverage_update
steps: steps:
- name: 'get secrets' - name: 'get secrets'
id: secrets id: secrets
uses: SonarSource/vault-action-wrapper@v3 uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
with: with:
secrets: | secrets: |
development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN; development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;

7
.github/workflows/update_quickfix_status.yml vendored
View File

@ -1,6 +1,6 @@
name: Update quick fix status name: Update quick fix status
on: on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
rule: rule:
@ -26,13 +26,10 @@ jobs:
update_quickfix_status: update_quickfix_status:
name: Update quick fix status name: Update quick fix status
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
permissions:
id-token: write # OIDC auth for Vault
contents: read # checkout
steps: steps:
- name: 'get secrets' - name: 'get secrets'
id: secrets id: secrets
uses: SonarSource/vault-action-wrapper@v3 uses: SonarSource/vault-action-wrapper@7160b50d75c02fe48eb3c8d354ca4fd7029f546a # tag=2.5.0-4
with: with:
secrets: | secrets: |
development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN; development/github/token/SonarSource-rspec-coverage token | COVERAGE_GITHUB_TOKEN;