From 91c869ebb91389517ac0b1ad74390dea702fb93b Mon Sep 17 00:00:00 2001 From: Ryan Cooke Date: Tue, 29 Oct 2024 14:08:27 +0000 Subject: [PATCH] add pull_request: write permissions to default token For use with comment based workflow run approvals Change-type: patch Signed-off-by: Ryan Cooke --- .github/workflows/yocto-build-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/yocto-build-deploy.yml b/.github/workflows/yocto-build-deploy.yml index f846a4c0c..12b157e84 100644 --- a/.github/workflows/yocto-build-deploy.yml +++ b/.github/workflows/yocto-build-deploy.yml @@ -174,7 +174,7 @@ env: permissions: id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass - pull-requests: read # Required to fetch the PR that merged, in order to get the test results + pull-requests: write # Required to fetch the PR that merged, in order to get the test results, and to allow comments for workflow approvals jobs: build: