From 9b8ada05abc15ebf67ec44d48937bc2d813e5c55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristen=20H=C3=A6rum?= Date: Mon, 4 Sep 2023 09:43:38 +0200 Subject: [PATCH 1/2] Flyttet permission til kallende workflow (#3266) --- .github/workflows/app.adresse-service.yml | 3 +++ .github/workflows/app.amelding-service.yml | 3 +++ .github/workflows/app.app-tilgang-analyse-service.yml | 3 +++ .github/workflows/app.arbeidsforhold-export-api.yml | 3 +++ .github/workflows/app.arbeidsforhold-service.yml | 3 +++ .github/workflows/app.batch-bestilling-service.yml | 3 +++ .github/workflows/app.brreg-stub.yml | 3 +++ .github/workflows/app.bruker-service.yml | 3 +++ .github/workflows/app.dolly-backend.yml | 3 +++ .github/workflows/app.dolly-frontend.yml | 3 +++ .github/workflows/app.dollystatus.yml | 3 +++ .github/workflows/app.endringsmelding-frontend.yml | 3 +++ .github/workflows/app.endringsmelding-service.yml | 3 +++ .github/workflows/app.ereg-batch-status-service.yml | 3 +++ .github/workflows/app.faste-data-frontend.yml | 3 +++ .../app.generer-arbeidsforhold-populasjon-service.yml | 3 +++ .github/workflows/app.generer-navn-service.yml | 3 +++ .../workflows/app.generer-organisasjon-populasjon-service.yml | 3 +++ .github/workflows/app.generer-synt-amelding-service.yml | 3 +++ .github/workflows/app.geografiske-kodeverk-service.yml | 3 +++ .github/workflows/app.helsepersonell-service.yml | 3 +++ .github/workflows/app.hodejegeren.yml | 3 +++ .github/workflows/app.inntektsmelding-generator-service.yml | 3 +++ .github/workflows/app.inntektsmelding-service.yml | 3 +++ .github/workflows/app.jenkins-batch-status-service.yml | 3 +++ .github/workflows/app.joark-dokument-service.yml | 3 +++ .github/workflows/app.miljoer-service.yml | 3 +++ .github/workflows/app.mn-synt-arbeidsforhold-service.yml | 3 +++ .github/workflows/app.oppsummeringsdokument-service.yml | 3 +++ .github/workflows/app.organisasjon-bestilling-service.yml | 3 +++ .github/workflows/app.organisasjon-faste-data-service.yml | 3 +++ .github/workflows/app.organisasjon-forvalter.yml | 3 +++ .github/workflows/app.organisasjon-mottak-service.yml | 3 +++ .github/workflows/app.organisasjon-service.yml | 3 +++ .github/workflows/app.organisasjon-tilgang-frontend-prod.yml | 3 +++ .github/workflows/app.organisasjon-tilgang-frontend.yml | 3 +++ .github/workflows/app.organisasjon-tilgang-service-prod.yml | 3 +++ .github/workflows/app.organisasjon-tilgang-service.yml | 3 +++ .github/workflows/app.orgnummer-service.yml | 3 +++ .github/workflows/app.oversikt-frontend.yml | 3 +++ .github/workflows/app.pdl-forvalter.yml | 3 +++ .github/workflows/app.person-export-api.yml | 3 +++ .github/workflows/app.person-faste-data-service.yml | 3 +++ .github/workflows/app.person-organisasjon-tilgang-service.yml | 3 +++ .github/workflows/app.person-search-service.yml | 3 +++ .github/workflows/app.person-service.yml | 3 +++ .github/workflows/app.profil-api.yml | 3 +++ .github/workflows/app.sykemelding-api.yml | 3 +++ .github/workflows/app.synt-sykemelding-api.yml | 3 +++ .github/workflows/app.synt-vedtakshistorikk-service.yml | 3 +++ .github/workflows/app.testnav-ident-pool.yml | 3 +++ .github/workflows/app.testnorge-bisys.yml | 3 +++ .github/workflows/app.testnorge-statisk-data-forvalter.yml | 3 +++ .github/workflows/app.testnorge-tp.yml | 3 +++ .github/workflows/app.tilbakemelding-api.yml | 3 +++ .github/workflows/app.tps-messaging-service.yml | 3 +++ .github/workflows/app.udi-stub.yml | 3 +++ .github/workflows/app.varslinger-service.yml | 3 +++ .github/workflows/common.workflow.backend.yml | 3 --- .github/workflows/common.workflow.frontend.yml | 3 --- .github/workflows/proxy.aareg-proxy.yml | 3 +++ .github/workflows/proxy.aareg-synt-services-proxy.yml | 3 +++ .github/workflows/proxy.arbeidsplassencv-proxy.yml | 3 +++ .github/workflows/proxy.arena-forvalteren-proxy.yml | 3 +++ .github/workflows/proxy.batch-adeo-proxy.yml | 3 +++ .github/workflows/proxy.brregstub-proxy.yml | 3 +++ .github/workflows/proxy.dokarkiv-proxy.yml | 3 +++ .github/workflows/proxy.ereg-proxy.yml | 3 +++ .github/workflows/proxy.histark-proxy.yml | 3 +++ .github/workflows/proxy.hodejegeren-proxy.yml | 3 +++ .github/workflows/proxy.inntektstub-proxy.yml | 3 +++ .github/workflows/proxy.inst-proxy.yml | 3 +++ .github/workflows/proxy.kodeverk-proxy.yml | 3 +++ .github/workflows/proxy.kontoregister-person-proxy.yml | 3 +++ .github/workflows/proxy.krrstub-proxy.yml | 3 +++ .github/workflows/proxy.medl-proxy.yml | 3 +++ .github/workflows/proxy.norg2-proxy.yml | 3 +++ .github/workflows/proxy.pdl-proxy.yml | 3 +++ .github/workflows/proxy.pensjon-testdata-facade-proxy.yml | 3 +++ .github/workflows/proxy.saf-proxy.yml | 3 +++ .github/workflows/proxy.sigrunstub-proxy.yml | 3 +++ .github/workflows/proxy.skjermingsregister-proxy.yml | 3 +++ .github/workflows/proxy.statisk-data-forvalter-proxy.yml | 3 +++ .github/workflows/proxy.sykemelding-api-proxy.yml | 3 +++ .github/workflows/proxy.synthdata-meldekort-proxy.yml | 3 +++ .github/workflows/proxy.tps-forvalteren-proxy.yml | 3 +++ .github/workflows/proxy.udistub-proxy.yml | 3 +++ 87 files changed, 255 insertions(+), 6 deletions(-) diff --git a/.github/workflows/app.adresse-service.yml b/.github/workflows/app.adresse-service.yml index dec3ccfaba3..8acaea880af 100644 --- a/.github/workflows/app.adresse-service.yml +++ b/.github/workflows/app.adresse-service.yml @@ -16,6 +16,9 @@ jobs: with: working-directory: "apps/adresse-service" deploy-tag: "#deploy-adresse-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.amelding-service.yml b/.github/workflows/app.amelding-service.yml index f1aa5b020fa..77017ca6d9f 100644 --- a/.github/workflows/app.amelding-service.yml +++ b/.github/workflows/app.amelding-service.yml @@ -18,6 +18,9 @@ jobs: with: working-directory: "apps/amelding-service" deploy-tag: "#deploy-amelding-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.app-tilgang-analyse-service.yml b/.github/workflows/app.app-tilgang-analyse-service.yml index d44c74d5906..3c5f17f27fa 100644 --- a/.github/workflows/app.app-tilgang-analyse-service.yml +++ b/.github/workflows/app.app-tilgang-analyse-service.yml @@ -15,6 +15,9 @@ jobs: with: working-directory: "apps/app-tilgang-analyse-service" deploy-tag: "#deploy-app-tilgang-analyse-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.arbeidsforhold-export-api.yml b/.github/workflows/app.arbeidsforhold-export-api.yml index 65c014b45e7..3ba91ed7377 100644 --- a/.github/workflows/app.arbeidsforhold-export-api.yml +++ b/.github/workflows/app.arbeidsforhold-export-api.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "apps/arbeidsforhold-export-api" deploy-tag: "#deploy-arbeidsforhold-export-api" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.arbeidsforhold-service.yml b/.github/workflows/app.arbeidsforhold-service.yml index 91f99e31a6d..339f7da9e05 100644 --- a/.github/workflows/app.arbeidsforhold-service.yml +++ b/.github/workflows/app.arbeidsforhold-service.yml @@ -18,6 +18,9 @@ jobs: with: working-directory: "apps/arbeidsforhold-service" deploy-tag: "#deploy-arbeidsforhold-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.batch-bestilling-service.yml b/.github/workflows/app.batch-bestilling-service.yml index bc468832a71..acc02fe8548 100644 --- a/.github/workflows/app.batch-bestilling-service.yml +++ b/.github/workflows/app.batch-bestilling-service.yml @@ -19,6 +19,9 @@ jobs: with: working-directory: "apps/batch-bestilling-service" deploy-tag: "#deploy-batch-bestilling-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.brreg-stub.yml b/.github/workflows/app.brreg-stub.yml index d4847531510..7d4a1591b6a 100644 --- a/.github/workflows/app.brreg-stub.yml +++ b/.github/workflows/app.brreg-stub.yml @@ -15,6 +15,9 @@ jobs: cluster: "dev-fss" working-directory: "apps/brreg-stub" deploy-tag: "#deploy-brreg-stub" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.bruker-service.yml b/.github/workflows/app.bruker-service.yml index 15a1398643e..8de7a0b70ad 100644 --- a/.github/workflows/app.bruker-service.yml +++ b/.github/workflows/app.bruker-service.yml @@ -18,6 +18,9 @@ jobs: working-directory: "apps/bruker-service" deploy-tag: "#deploy-bruker-service" deploy-tag-test: "#deploy-test-bruker-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.dolly-backend.yml b/.github/workflows/app.dolly-backend.yml index 29a0bc024ac..e8299e69245 100644 --- a/.github/workflows/app.dolly-backend.yml +++ b/.github/workflows/app.dolly-backend.yml @@ -20,6 +20,9 @@ jobs: working-directory: "apps/dolly-backend" deploy-tag: "#deploy-dolly-backend" deploy-tag-test: "#deploy-test-dolly-backend" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.dolly-frontend.yml b/.github/workflows/app.dolly-frontend.yml index f057f5d7f20..aa95e32abf3 100644 --- a/.github/workflows/app.dolly-frontend.yml +++ b/.github/workflows/app.dolly-frontend.yml @@ -31,6 +31,9 @@ jobs: deploy-tag-test: "#deploy-test-frontend" deploy-tag-idporten: "#deploy-idporten-frontend" deploy-tag-unstable: "#deploy-unstable-frontend" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.dollystatus.yml b/.github/workflows/app.dollystatus.yml index 9a8152dbe82..730f43e2f30 100644 --- a/.github/workflows/app.dollystatus.yml +++ b/.github/workflows/app.dollystatus.yml @@ -12,6 +12,9 @@ jobs: with: working-directory: "apps/dollystatus" deploy-tag: "#deploy-dollystatus" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.endringsmelding-frontend.yml b/.github/workflows/app.endringsmelding-frontend.yml index 32e543e662b..a05e180e445 100644 --- a/.github/workflows/app.endringsmelding-frontend.yml +++ b/.github/workflows/app.endringsmelding-frontend.yml @@ -16,6 +16,9 @@ jobs: with: working-directory: "apps/endringsmelding-frontend" deploy-tag: "#deploy-endringsmelding-frontend" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.endringsmelding-service.yml b/.github/workflows/app.endringsmelding-service.yml index 28cdedd6ea2..e6ecb801a90 100644 --- a/.github/workflows/app.endringsmelding-service.yml +++ b/.github/workflows/app.endringsmelding-service.yml @@ -16,6 +16,9 @@ jobs: with: working-directory: "apps/endringsmelding-service" deploy-tag: "#deploy-endringsmelding-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.ereg-batch-status-service.yml b/.github/workflows/app.ereg-batch-status-service.yml index 4aea1d5f7b6..a85fa1addd1 100644 --- a/.github/workflows/app.ereg-batch-status-service.yml +++ b/.github/workflows/app.ereg-batch-status-service.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "apps/ereg-batch-status-service" deploy-tag: "#deploy-ereg-batch-status-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.faste-data-frontend.yml b/.github/workflows/app.faste-data-frontend.yml index c257dcf70b6..7587b562734 100644 --- a/.github/workflows/app.faste-data-frontend.yml +++ b/.github/workflows/app.faste-data-frontend.yml @@ -16,6 +16,9 @@ jobs: with: working-directory: "apps/faste-data-frontend" deploy-tag: "#deploy-faste-data-frontend" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.generer-arbeidsforhold-populasjon-service.yml b/.github/workflows/app.generer-arbeidsforhold-populasjon-service.yml index 69235a80f04..ff7aef85a87 100644 --- a/.github/workflows/app.generer-arbeidsforhold-populasjon-service.yml +++ b/.github/workflows/app.generer-arbeidsforhold-populasjon-service.yml @@ -17,6 +17,9 @@ jobs: with: working-directory: "apps/generer-arbeidsforhold-populasjon-service" deploy-tag: "#deploy-generer-arbeidsforhold-populasjon-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.generer-navn-service.yml b/.github/workflows/app.generer-navn-service.yml index 7df54d344fb..6053e0beffd 100644 --- a/.github/workflows/app.generer-navn-service.yml +++ b/.github/workflows/app.generer-navn-service.yml @@ -18,6 +18,9 @@ jobs: with: working-directory: "apps/generer-navn-service" deploy-tag: "#deploy-generer-navn-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.generer-organisasjon-populasjon-service.yml b/.github/workflows/app.generer-organisasjon-populasjon-service.yml index 4a6c9b6c386..0ef92eaaa2c 100644 --- a/.github/workflows/app.generer-organisasjon-populasjon-service.yml +++ b/.github/workflows/app.generer-organisasjon-populasjon-service.yml @@ -22,6 +22,9 @@ jobs: with: working-directory: "apps/generer-organisasjon-populasjon-service" deploy-tag: "#deploy-generer-organisasjon-populasjon-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.generer-synt-amelding-service.yml b/.github/workflows/app.generer-synt-amelding-service.yml index 2dadabde2e4..6f9b0273a65 100644 --- a/.github/workflows/app.generer-synt-amelding-service.yml +++ b/.github/workflows/app.generer-synt-amelding-service.yml @@ -17,6 +17,9 @@ jobs: with: working-directory: "apps/generer-synt-amelding-service" deploy-tag: "#deploy-generer-synt-amelding-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.geografiske-kodeverk-service.yml b/.github/workflows/app.geografiske-kodeverk-service.yml index 355cdc73bda..0dcc356b185 100644 --- a/.github/workflows/app.geografiske-kodeverk-service.yml +++ b/.github/workflows/app.geografiske-kodeverk-service.yml @@ -15,6 +15,9 @@ jobs: with: working-directory: "apps/geografiske-kodeverk-service" deploy-tag: "#deploy-geografiske-kodeverk-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.helsepersonell-service.yml b/.github/workflows/app.helsepersonell-service.yml index b5a85077067..4f90de43a9b 100644 --- a/.github/workflows/app.helsepersonell-service.yml +++ b/.github/workflows/app.helsepersonell-service.yml @@ -18,6 +18,9 @@ jobs: with: working-directory: "apps/helsepersonell-service" deploy-tag: "#deploy-helsepersonell-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.hodejegeren.yml b/.github/workflows/app.hodejegeren.yml index dd91d3ff69f..607c0220016 100644 --- a/.github/workflows/app.hodejegeren.yml +++ b/.github/workflows/app.hodejegeren.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "apps/hodejegeren" deploy-tag: "#deploy-hodejegeren" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.inntektsmelding-generator-service.yml b/.github/workflows/app.inntektsmelding-generator-service.yml index 9564c73803a..c78500e6eb4 100644 --- a/.github/workflows/app.inntektsmelding-generator-service.yml +++ b/.github/workflows/app.inntektsmelding-generator-service.yml @@ -15,6 +15,9 @@ jobs: with: working-directory: "apps/inntektsmelding-generator-service/" deploy-tag: "#deploy-inntektsmelding-generator-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.inntektsmelding-service.yml b/.github/workflows/app.inntektsmelding-service.yml index e4d3edd90f8..837f9221c41 100644 --- a/.github/workflows/app.inntektsmelding-service.yml +++ b/.github/workflows/app.inntektsmelding-service.yml @@ -16,6 +16,9 @@ jobs: with: working-directory: "apps/inntektsmelding-service" deploy-tag: "#deploy-inntektsmelding-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.jenkins-batch-status-service.yml b/.github/workflows/app.jenkins-batch-status-service.yml index 41248f01252..9987827a628 100644 --- a/.github/workflows/app.jenkins-batch-status-service.yml +++ b/.github/workflows/app.jenkins-batch-status-service.yml @@ -18,6 +18,9 @@ jobs: with: working-directory: "apps/jenkins-batch-status-service" deploy-tag: "#deploy-jenkins-batch-status-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.joark-dokument-service.yml b/.github/workflows/app.joark-dokument-service.yml index 792f47569aa..f64331dd625 100644 --- a/.github/workflows/app.joark-dokument-service.yml +++ b/.github/workflows/app.joark-dokument-service.yml @@ -18,6 +18,9 @@ jobs: with: working-directory: "apps/joark-dokument-service" deploy-tag: "#deploy-joark-dokument-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.miljoer-service.yml b/.github/workflows/app.miljoer-service.yml index e8d6910919e..bdd7c42dd71 100644 --- a/.github/workflows/app.miljoer-service.yml +++ b/.github/workflows/app.miljoer-service.yml @@ -17,6 +17,9 @@ jobs: with: working-directory: "apps/miljoer-service" deploy-tag: "#deploy-miljoer-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.mn-synt-arbeidsforhold-service.yml b/.github/workflows/app.mn-synt-arbeidsforhold-service.yml index 3cf4b6681d8..f5e982ab381 100644 --- a/.github/workflows/app.mn-synt-arbeidsforhold-service.yml +++ b/.github/workflows/app.mn-synt-arbeidsforhold-service.yml @@ -19,6 +19,9 @@ jobs: cluster: "dev-fss" working-directory: "apps/mn-synt-arbeidsforhold-service" deploy-tag: "#deploy-mn-synt-arbeidsforhold-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.oppsummeringsdokument-service.yml b/.github/workflows/app.oppsummeringsdokument-service.yml index d8b78a5a249..85cca7f8edf 100644 --- a/.github/workflows/app.oppsummeringsdokument-service.yml +++ b/.github/workflows/app.oppsummeringsdokument-service.yml @@ -17,6 +17,9 @@ jobs: with: working-directory: "apps/oppsummeringsdokument-service" deploy-tag: "#deploy-oppsummeringsdokument-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.organisasjon-bestilling-service.yml b/.github/workflows/app.organisasjon-bestilling-service.yml index 03febffcb65..5d8e2ce8f35 100644 --- a/.github/workflows/app.organisasjon-bestilling-service.yml +++ b/.github/workflows/app.organisasjon-bestilling-service.yml @@ -18,6 +18,9 @@ jobs: with: working-directory: "apps/organisasjon-bestilling-service" deploy-tag: "#deploy-organisasjon-bestilling-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.organisasjon-faste-data-service.yml b/.github/workflows/app.organisasjon-faste-data-service.yml index d3a320916e0..f0e03bf4f8f 100644 --- a/.github/workflows/app.organisasjon-faste-data-service.yml +++ b/.github/workflows/app.organisasjon-faste-data-service.yml @@ -22,6 +22,9 @@ jobs: with: working-directory: "apps/organisasjon-faste-data-service" deploy-tag: "#deploy-organisasjon-faste-data-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.organisasjon-forvalter.yml b/.github/workflows/app.organisasjon-forvalter.yml index 49af86d235b..72b5f6861c9 100644 --- a/.github/workflows/app.organisasjon-forvalter.yml +++ b/.github/workflows/app.organisasjon-forvalter.yml @@ -22,6 +22,9 @@ jobs: with: working-directory: "apps/organisasjon-forvalter" deploy-tag: "#deploy-organisasjon-forvalter" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.organisasjon-mottak-service.yml b/.github/workflows/app.organisasjon-mottak-service.yml index 345f63ce589..67dca1c75e7 100644 --- a/.github/workflows/app.organisasjon-mottak-service.yml +++ b/.github/workflows/app.organisasjon-mottak-service.yml @@ -21,6 +21,9 @@ jobs: with: working-directory: "apps/organisasjon-mottak-service" deploy-tag: "#deploy-organisasjon-mottak-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.organisasjon-service.yml b/.github/workflows/app.organisasjon-service.yml index 854ce8b3fa8..6ccf1c20ea5 100644 --- a/.github/workflows/app.organisasjon-service.yml +++ b/.github/workflows/app.organisasjon-service.yml @@ -19,6 +19,9 @@ jobs: with: working-directory: "apps/organisasjon-service" deploy-tag: "#deploy-organisasjon-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.organisasjon-tilgang-frontend-prod.yml b/.github/workflows/app.organisasjon-tilgang-frontend-prod.yml index 4170ec7a5ab..bdbb460473d 100644 --- a/.github/workflows/app.organisasjon-tilgang-frontend-prod.yml +++ b/.github/workflows/app.organisasjon-tilgang-frontend-prod.yml @@ -18,6 +18,9 @@ jobs: nais-manifest: "config.prod.yml" working-directory: "apps/organisasjon-tilgang-frontend" deploy-tag: "#deploy-organisasjon-tilgang-frontend" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.organisasjon-tilgang-frontend.yml b/.github/workflows/app.organisasjon-tilgang-frontend.yml index 3088cd6d3d0..2b415a11c87 100644 --- a/.github/workflows/app.organisasjon-tilgang-frontend.yml +++ b/.github/workflows/app.organisasjon-tilgang-frontend.yml @@ -16,6 +16,9 @@ jobs: with: working-directory: "apps/organisasjon-tilgang-frontend" deploy-tag: "#deploy-test-organisasjon-tilgang-frontend" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.organisasjon-tilgang-service-prod.yml b/.github/workflows/app.organisasjon-tilgang-service-prod.yml index 60c1b1bb076..b1ac2cec861 100644 --- a/.github/workflows/app.organisasjon-tilgang-service-prod.yml +++ b/.github/workflows/app.organisasjon-tilgang-service-prod.yml @@ -16,6 +16,9 @@ jobs: nais-manifest: "config.prod.yml" working-directory: "apps/organisasjon-tilgang-service" deploy-tag: "#deploy-organisasjon-tilgang-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.organisasjon-tilgang-service.yml b/.github/workflows/app.organisasjon-tilgang-service.yml index 09251840922..0a428aeb2d0 100644 --- a/.github/workflows/app.organisasjon-tilgang-service.yml +++ b/.github/workflows/app.organisasjon-tilgang-service.yml @@ -14,6 +14,9 @@ jobs: with: working-directory: "apps/organisasjon-tilgang-service" deploy-tag: "#deploy-test-organisasjon-tilgang-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.orgnummer-service.yml b/.github/workflows/app.orgnummer-service.yml index ac2b7eff2fb..591148ded99 100644 --- a/.github/workflows/app.orgnummer-service.yml +++ b/.github/workflows/app.orgnummer-service.yml @@ -19,6 +19,9 @@ jobs: with: working-directory: "apps/orgnummer-service" deploy-tag: "#deploy-orgnummer-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.oversikt-frontend.yml b/.github/workflows/app.oversikt-frontend.yml index cdbd6789b95..6ebf48e69fc 100644 --- a/.github/workflows/app.oversikt-frontend.yml +++ b/.github/workflows/app.oversikt-frontend.yml @@ -16,6 +16,9 @@ jobs: with: working-directory: "apps/oversikt-frontend" deploy-tag: "#deploy-oversikt-frontend" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.pdl-forvalter.yml b/.github/workflows/app.pdl-forvalter.yml index c3d1b167060..98a372deb3f 100644 --- a/.github/workflows/app.pdl-forvalter.yml +++ b/.github/workflows/app.pdl-forvalter.yml @@ -19,6 +19,9 @@ jobs: working-directory: "apps/pdl-forvalter" deploy-tag: "#deploy-pdl-forvalter" deploy-tag-test: "#deploy-test-pdl-forvalter" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.person-export-api.yml b/.github/workflows/app.person-export-api.yml index 1a21e146085..9625444e9a7 100644 --- a/.github/workflows/app.person-export-api.yml +++ b/.github/workflows/app.person-export-api.yml @@ -17,6 +17,9 @@ jobs: with: working-directory: "apps/person-export-api" deploy-tag: "#deploy-person-export-api" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.person-faste-data-service.yml b/.github/workflows/app.person-faste-data-service.yml index 01754827e8b..99c4dc32e8a 100644 --- a/.github/workflows/app.person-faste-data-service.yml +++ b/.github/workflows/app.person-faste-data-service.yml @@ -15,6 +15,9 @@ jobs: with: working-directory: "apps/person-faste-data-service" deploy-tag: "#deploy-person-faste-data-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.person-organisasjon-tilgang-service.yml b/.github/workflows/app.person-organisasjon-tilgang-service.yml index 98685a2ab77..4d2730bf7c1 100644 --- a/.github/workflows/app.person-organisasjon-tilgang-service.yml +++ b/.github/workflows/app.person-organisasjon-tilgang-service.yml @@ -17,6 +17,9 @@ jobs: working-directory: "apps/person-organisasjon-tilgang-service" deploy-tag: "#deploy-person-organisasjon-tilgang-service" deploy-tag-test: "#deploy-test-person-organisasjon-tilgang-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.person-search-service.yml b/.github/workflows/app.person-search-service.yml index 4df7a18fa92..991727895cb 100644 --- a/.github/workflows/app.person-search-service.yml +++ b/.github/workflows/app.person-search-service.yml @@ -17,6 +17,9 @@ jobs: with: working-directory: "apps/person-search-service" deploy-tag: "#deploy-person-search-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.person-service.yml b/.github/workflows/app.person-service.yml index 22722b4213e..de812278908 100644 --- a/.github/workflows/app.person-service.yml +++ b/.github/workflows/app.person-service.yml @@ -18,6 +18,9 @@ jobs: with: working-directory: "apps/person-service" deploy-tag: "#deploy-person-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.profil-api.yml b/.github/workflows/app.profil-api.yml index e6f2dfe886d..80d2adf4334 100644 --- a/.github/workflows/app.profil-api.yml +++ b/.github/workflows/app.profil-api.yml @@ -18,6 +18,9 @@ jobs: working-directory: "apps/profil-api" deploy-tag: "#deploy-profil-api" deploy-tag-test: "#deploy-test-profil-api" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.sykemelding-api.yml b/.github/workflows/app.sykemelding-api.yml index 6aca8c661c0..d6fb44fb876 100644 --- a/.github/workflows/app.sykemelding-api.yml +++ b/.github/workflows/app.sykemelding-api.yml @@ -16,6 +16,9 @@ jobs: cluster: "dev-fss" working-directory: "apps/sykemelding-api" deploy-tag: "#deploy-sykemelding-api" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.synt-sykemelding-api.yml b/.github/workflows/app.synt-sykemelding-api.yml index 3df5a2f74df..6d8c1fc2098 100644 --- a/.github/workflows/app.synt-sykemelding-api.yml +++ b/.github/workflows/app.synt-sykemelding-api.yml @@ -18,6 +18,9 @@ jobs: with: working-directory: "apps/synt-sykemelding-api" deploy-tag: "#deploy-synt-sykemelding-api" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.synt-vedtakshistorikk-service.yml b/.github/workflows/app.synt-vedtakshistorikk-service.yml index 2af9612d0aa..6b5bbb48c6b 100644 --- a/.github/workflows/app.synt-vedtakshistorikk-service.yml +++ b/.github/workflows/app.synt-vedtakshistorikk-service.yml @@ -18,6 +18,9 @@ jobs: with: working-directory: "apps/synt-vedtakshistorikk-service" deploy-tag: "#deploy-synt-vedtakshistorikk-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.testnav-ident-pool.yml b/.github/workflows/app.testnav-ident-pool.yml index 33339922303..91eeb585370 100644 --- a/.github/workflows/app.testnav-ident-pool.yml +++ b/.github/workflows/app.testnav-ident-pool.yml @@ -18,6 +18,9 @@ jobs: with: working-directory: "apps/testnav-ident-pool" deploy-tag: "#deploy-testnav-ident-pool" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.testnorge-bisys.yml b/.github/workflows/app.testnorge-bisys.yml index bb8762aa5cc..8d719b16368 100644 --- a/.github/workflows/app.testnorge-bisys.yml +++ b/.github/workflows/app.testnorge-bisys.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "apps/testnorge-bisys" deploy-tag: "#deploy-testnorge-bisys" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.testnorge-statisk-data-forvalter.yml b/.github/workflows/app.testnorge-statisk-data-forvalter.yml index 7e5188224b1..4e9a952dfda 100644 --- a/.github/workflows/app.testnorge-statisk-data-forvalter.yml +++ b/.github/workflows/app.testnorge-statisk-data-forvalter.yml @@ -24,6 +24,9 @@ jobs: cluster: "dev-fss" working-directory: "apps/testnorge-statisk-data-forvalter" deploy-tag: "#deploy-testnorge-statisk-data-forvalter" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.testnorge-tp.yml b/.github/workflows/app.testnorge-tp.yml index 381833d0d76..a71a62ccd39 100644 --- a/.github/workflows/app.testnorge-tp.yml +++ b/.github/workflows/app.testnorge-tp.yml @@ -16,6 +16,9 @@ jobs: cluster: "dev-fss" working-directory: "apps/testnorge-tp" deploy-tag: "#deploy-testnorge-tp" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.tilbakemelding-api.yml b/.github/workflows/app.tilbakemelding-api.yml index fa9217cc689..e7bfacd165b 100644 --- a/.github/workflows/app.tilbakemelding-api.yml +++ b/.github/workflows/app.tilbakemelding-api.yml @@ -18,6 +18,9 @@ jobs: with: working-directory: "apps/tilbakemelding-api" deploy-tag: "#deploy-tilbakemelding-api" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.tps-messaging-service.yml b/.github/workflows/app.tps-messaging-service.yml index 76f95bfe962..be914c409c6 100644 --- a/.github/workflows/app.tps-messaging-service.yml +++ b/.github/workflows/app.tps-messaging-service.yml @@ -16,6 +16,9 @@ jobs: with: working-directory: "apps/tps-messaging-service" deploy-tag: "#deploy-tps-messaging-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.udi-stub.yml b/.github/workflows/app.udi-stub.yml index 1cc91f8500c..63dfc1eaf31 100644 --- a/.github/workflows/app.udi-stub.yml +++ b/.github/workflows/app.udi-stub.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "apps/udi-stub" deploy-tag: "#deploy-udi-stub" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/app.varslinger-service.yml b/.github/workflows/app.varslinger-service.yml index 8e53d30e8e1..f31627c2694 100644 --- a/.github/workflows/app.varslinger-service.yml +++ b/.github/workflows/app.varslinger-service.yml @@ -18,6 +18,9 @@ jobs: working-directory: "apps/varslinger-service" deploy-tag: "#deploy-varslinger-service" deploy-tag-test: "#deploy-test-varslinger-service" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/common.workflow.backend.yml b/.github/workflows/common.workflow.backend.yml index 608730c2274..c31bcb34267 100644 --- a/.github/workflows/common.workflow.backend.yml +++ b/.github/workflows/common.workflow.backend.yml @@ -82,9 +82,6 @@ jobs: build: needs: start if: github.actor != 'dependabot[bot]' - permissions: - contents: "read" - id-token: "write" runs-on: ubuntu-latest steps: - name: "Checkout" diff --git a/.github/workflows/common.workflow.frontend.yml b/.github/workflows/common.workflow.frontend.yml index 0e7f2966b62..fd7de942ffb 100644 --- a/.github/workflows/common.workflow.frontend.yml +++ b/.github/workflows/common.workflow.frontend.yml @@ -104,9 +104,6 @@ jobs: build: needs: start if: github.actor != 'dependabot[bot]' - permissions: - contents: "read" - id-token: "write" runs-on: ubuntu-latest steps: - name: "Checkout" diff --git a/.github/workflows/proxy.aareg-proxy.yml b/.github/workflows/proxy.aareg-proxy.yml index 044baecce36..ecee09af164 100644 --- a/.github/workflows/proxy.aareg-proxy.yml +++ b/.github/workflows/proxy.aareg-proxy.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/aareg-proxy" deploy-tag: "#deploy-aareg-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.aareg-synt-services-proxy.yml b/.github/workflows/proxy.aareg-synt-services-proxy.yml index c5dbf127505..ae62d4ea7ba 100644 --- a/.github/workflows/proxy.aareg-synt-services-proxy.yml +++ b/.github/workflows/proxy.aareg-synt-services-proxy.yml @@ -15,6 +15,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/aareg-synt-services-proxy" deploy-tag: "#deploy-aareg-synt-services-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.arbeidsplassencv-proxy.yml b/.github/workflows/proxy.arbeidsplassencv-proxy.yml index 1b461021976..70d2fcde8b6 100644 --- a/.github/workflows/proxy.arbeidsplassencv-proxy.yml +++ b/.github/workflows/proxy.arbeidsplassencv-proxy.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/arbeidsplassencv-proxy" deploy-tag: "#deploy-arbeidsplassencv-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.arena-forvalteren-proxy.yml b/.github/workflows/proxy.arena-forvalteren-proxy.yml index f079ff3e36e..8ccf7bba6c3 100644 --- a/.github/workflows/proxy.arena-forvalteren-proxy.yml +++ b/.github/workflows/proxy.arena-forvalteren-proxy.yml @@ -15,6 +15,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/arena-forvalteren-proxy" deploy-tag: "#deploy-arena-forvalteren-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.batch-adeo-proxy.yml b/.github/workflows/proxy.batch-adeo-proxy.yml index 321fcabd71a..6c8fc6a9103 100644 --- a/.github/workflows/proxy.batch-adeo-proxy.yml +++ b/.github/workflows/proxy.batch-adeo-proxy.yml @@ -15,6 +15,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/batch-adeo-proxy" deploy-tag: "#deploy-batch-adeo-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.brregstub-proxy.yml b/.github/workflows/proxy.brregstub-proxy.yml index cb90a8b258b..aa7e46b61eb 100644 --- a/.github/workflows/proxy.brregstub-proxy.yml +++ b/.github/workflows/proxy.brregstub-proxy.yml @@ -15,6 +15,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/brregstub-proxy" deploy-tag: "#deploy-brregstub-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.dokarkiv-proxy.yml b/.github/workflows/proxy.dokarkiv-proxy.yml index 1f2ff542e46..0e9a68f76cd 100644 --- a/.github/workflows/proxy.dokarkiv-proxy.yml +++ b/.github/workflows/proxy.dokarkiv-proxy.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/dokarkiv-proxy" deploy-tag: "#deploy-dokarkiv-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.ereg-proxy.yml b/.github/workflows/proxy.ereg-proxy.yml index b002d0d5ea3..be9bb11fe9b 100644 --- a/.github/workflows/proxy.ereg-proxy.yml +++ b/.github/workflows/proxy.ereg-proxy.yml @@ -15,6 +15,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/ereg-proxy" deploy-tag: "#deploy-ereg-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.histark-proxy.yml b/.github/workflows/proxy.histark-proxy.yml index 33894e26823..c57b338d254 100644 --- a/.github/workflows/proxy.histark-proxy.yml +++ b/.github/workflows/proxy.histark-proxy.yml @@ -15,6 +15,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/histark-proxy" deploy-tag: "#deploy-histark-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.hodejegeren-proxy.yml b/.github/workflows/proxy.hodejegeren-proxy.yml index 7ba305e837f..51d1078b31d 100644 --- a/.github/workflows/proxy.hodejegeren-proxy.yml +++ b/.github/workflows/proxy.hodejegeren-proxy.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/hodejegeren-proxy" deploy-tag: "#deploy-hodejegeren-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.inntektstub-proxy.yml b/.github/workflows/proxy.inntektstub-proxy.yml index 9d5d12f72a6..8f6e06f5052 100644 --- a/.github/workflows/proxy.inntektstub-proxy.yml +++ b/.github/workflows/proxy.inntektstub-proxy.yml @@ -15,6 +15,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/inntektstub-proxy" deploy-tag: "#deploy-inntektstub-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.inst-proxy.yml b/.github/workflows/proxy.inst-proxy.yml index 386adf8e186..efcf944cc00 100644 --- a/.github/workflows/proxy.inst-proxy.yml +++ b/.github/workflows/proxy.inst-proxy.yml @@ -15,6 +15,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/inst-proxy" deploy-tag: "#deploy-inst-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.kodeverk-proxy.yml b/.github/workflows/proxy.kodeverk-proxy.yml index 01f9188e7a9..48626f04f1c 100644 --- a/.github/workflows/proxy.kodeverk-proxy.yml +++ b/.github/workflows/proxy.kodeverk-proxy.yml @@ -15,6 +15,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/kodeverk-proxy" deploy-tag: "#deploy-kodeverk-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.kontoregister-person-proxy.yml b/.github/workflows/proxy.kontoregister-person-proxy.yml index 8d6210524b6..7020e5780e4 100644 --- a/.github/workflows/proxy.kontoregister-person-proxy.yml +++ b/.github/workflows/proxy.kontoregister-person-proxy.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/kontoregister-person-proxy" deploy-tag: "#deploy-kontoregister-person-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.krrstub-proxy.yml b/.github/workflows/proxy.krrstub-proxy.yml index 76613adb590..d976f81e0ee 100644 --- a/.github/workflows/proxy.krrstub-proxy.yml +++ b/.github/workflows/proxy.krrstub-proxy.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/krrstub-proxy" deploy-tag: "#deploy-krrstub-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.medl-proxy.yml b/.github/workflows/proxy.medl-proxy.yml index e8257f0eb8f..0511372612a 100644 --- a/.github/workflows/proxy.medl-proxy.yml +++ b/.github/workflows/proxy.medl-proxy.yml @@ -19,6 +19,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/medl-proxy" deploy-tag: "#deploy-medl-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.norg2-proxy.yml b/.github/workflows/proxy.norg2-proxy.yml index fdc257ca52e..4eb1135424b 100644 --- a/.github/workflows/proxy.norg2-proxy.yml +++ b/.github/workflows/proxy.norg2-proxy.yml @@ -15,6 +15,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/norg2-proxy" deploy-tag: "#deploy-norg2-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.pdl-proxy.yml b/.github/workflows/proxy.pdl-proxy.yml index f6246678601..8c95138d8ca 100644 --- a/.github/workflows/proxy.pdl-proxy.yml +++ b/.github/workflows/proxy.pdl-proxy.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/pdl-proxy" deploy-tag: "#deploy-pdl-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.pensjon-testdata-facade-proxy.yml b/.github/workflows/proxy.pensjon-testdata-facade-proxy.yml index 81f4962d752..9b77a04c49a 100644 --- a/.github/workflows/proxy.pensjon-testdata-facade-proxy.yml +++ b/.github/workflows/proxy.pensjon-testdata-facade-proxy.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/pensjon-testdata-facade-proxy" deploy-tag: "#deploy-pensjon-testdata-facade-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.saf-proxy.yml b/.github/workflows/proxy.saf-proxy.yml index b3666bd1c5c..b8b1f57dadf 100644 --- a/.github/workflows/proxy.saf-proxy.yml +++ b/.github/workflows/proxy.saf-proxy.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/saf-proxy" deploy-tag: "#deploy-saf-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.sigrunstub-proxy.yml b/.github/workflows/proxy.sigrunstub-proxy.yml index ea5fbddcb50..6c3c1d4aed4 100644 --- a/.github/workflows/proxy.sigrunstub-proxy.yml +++ b/.github/workflows/proxy.sigrunstub-proxy.yml @@ -15,6 +15,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/sigrunstub-proxy" deploy-tag: "#deploy-sigrunstub-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.skjermingsregister-proxy.yml b/.github/workflows/proxy.skjermingsregister-proxy.yml index eb76f732f15..0cc683568dc 100644 --- a/.github/workflows/proxy.skjermingsregister-proxy.yml +++ b/.github/workflows/proxy.skjermingsregister-proxy.yml @@ -16,6 +16,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/skjermingsregister-proxy" deploy-tag: "#deploy-skjermingsregister-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.statisk-data-forvalter-proxy.yml b/.github/workflows/proxy.statisk-data-forvalter-proxy.yml index 1ed3fbb1252..67a2c6c356a 100644 --- a/.github/workflows/proxy.statisk-data-forvalter-proxy.yml +++ b/.github/workflows/proxy.statisk-data-forvalter-proxy.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/statisk-data-forvalter-proxy" deploy-tag: "#deploy-statisk-data-forvalter-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.sykemelding-api-proxy.yml b/.github/workflows/proxy.sykemelding-api-proxy.yml index 2067b46cbb9..b70f83b8a08 100644 --- a/.github/workflows/proxy.sykemelding-api-proxy.yml +++ b/.github/workflows/proxy.sykemelding-api-proxy.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/sykemelding-api-proxy" deploy-tag: "#deploy-sykemelding-api-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.synthdata-meldekort-proxy.yml b/.github/workflows/proxy.synthdata-meldekort-proxy.yml index 788b7a00492..135b056b076 100644 --- a/.github/workflows/proxy.synthdata-meldekort-proxy.yml +++ b/.github/workflows/proxy.synthdata-meldekort-proxy.yml @@ -16,6 +16,9 @@ jobs: with: working-directory: "proxies/synthdata-meldekort-proxy" deploy-tag: "#deploy-synthdata-meldekort-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.tps-forvalteren-proxy.yml b/.github/workflows/proxy.tps-forvalteren-proxy.yml index 6463043c749..a0a477369c3 100644 --- a/.github/workflows/proxy.tps-forvalteren-proxy.yml +++ b/.github/workflows/proxy.tps-forvalteren-proxy.yml @@ -15,6 +15,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/tps-forvalteren-proxy" deploy-tag: "#deploy-tps-forvalteren-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} diff --git a/.github/workflows/proxy.udistub-proxy.yml b/.github/workflows/proxy.udistub-proxy.yml index f0f823b785c..ac0c5e49216 100644 --- a/.github/workflows/proxy.udistub-proxy.yml +++ b/.github/workflows/proxy.udistub-proxy.yml @@ -17,6 +17,9 @@ jobs: cluster: "dev-fss" working-directory: "proxies/udistub-proxy" deploy-tag: "#deploy-udistub-proxy" + permissions: + contents: read + id-token: write secrets: NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }} NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} From 2efca2efc9a2cc2701792d2a0179e3bef33d0863 Mon Sep 17 00:00:00 2001 From: kristenhaerum Date: Mon, 4 Sep 2023 09:59:11 +0200 Subject: [PATCH 2/2] Fikset outbound access policy --- apps/adresse-service/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/adresse-service/config.yml b/apps/adresse-service/config.yml index 43c039f9a3d..1a038415db5 100644 --- a/apps/adresse-service/config.yml +++ b/apps/adresse-service/config.yml @@ -64,4 +64,4 @@ spec: cluster: dev-gcp outbound: external: - - host: https://testnav-pdl-proxy.dev-fss-pub.nais.io + - host: testnav-pdl-proxy.dev-fss-pub.nais.io