diff --git a/.github/workflows/backend.yaml b/.github/workflows/backend.yaml index 41f6d4c0..3c9d12c1 100644 --- a/.github/workflows/backend.yaml +++ b/.github/workflows/backend.yaml @@ -25,6 +25,8 @@ jobs: source-path: src deploy: + permissions: + id-token: 'write' # TODO: separate build and deploy jobs and create reusable deploy workflow runs-on: ubuntu-latest needs: [validate-pr-refs, test] # Deploy if: diff --git a/.github/workflows/cron.yaml b/.github/workflows/cron.yaml index 68de8dbe..766356d0 100644 --- a/.github/workflows/cron.yaml +++ b/.github/workflows/cron.yaml @@ -10,6 +10,8 @@ on: jobs: deploy: + permissions: + id-token: 'write' # TODO: separate build and deploy jobs and create reusable deploy workflow runs-on: ubuntu-latest steps: - name: 🛫 Checkout diff --git a/.github/workflows/dispatch.yaml b/.github/workflows/dispatch.yaml index 49ff54d6..36128eac 100644 --- a/.github/workflows/dispatch.yaml +++ b/.github/workflows/dispatch.yaml @@ -10,6 +10,8 @@ on: jobs: deploy: + permissions: + id-token: 'write' # TODO: separate build and deploy jobs and create reusable deploy workflow runs-on: ubuntu-latest steps: - name: 🛫 Checkout diff --git a/.github/workflows/frontend.yaml b/.github/workflows/frontend.yaml index cfa1795a..13a7f995 100644 --- a/.github/workflows/frontend.yaml +++ b/.github/workflows/frontend.yaml @@ -24,6 +24,8 @@ jobs: node-version: ${{ inputs.node-version }} deploy: + permissions: + id-token: 'write' # TODO: separate build and deploy jobs and create reusable deploy workflow runs-on: ubuntu-latest needs: [validate-pr-refs, test] # Deploy if: