ci: update permissions on certain steps

tobiasehlert · tobiasehlert · commit d1fae4a3ce1c · 2024-12-10T17:20:58.000+01:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -100,6 +100,8 @@ jobs:
 
   argocd:
     if: github.event_name == 'release' || (github.event_name == 'push' && github.ref == 'refs/heads/main')
+    permissions:
+      contents: write
     runs-on: ubuntu-latest
     needs: build
     steps:
@@ -115,20 +117,20 @@ jobs:
       - name: Trigger workflow in tibiadata-argocd-app-of-apps repo
         uses: peter-evans/repository-dispatch@v3
         with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
           repository: TibiaData/tibiadata-argocd-app-of-apps
           event-type: bump-tibiadata-api-go-image-sha
           client-payload: '{"docker_digest": "${{ needs.build.outputs.docker_build_digest }}", "subdomain": "${{ steps.determine_deployment.outputs.subdomain }}"}'
 
   helm-chart:
     if: github.event_name == 'release'
+    permissions:
+      contents: write
     runs-on: ubuntu-latest
     needs: build
     steps:
       - name: Trigger workflow in tibiadata-helm-charts repo
         uses: peter-evans/repository-dispatch@v3
         with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
           repository: TibiaData/tibiadata-helm-charts
           event-type: bump-helm-chart-release
           client-payload: '{"chart_name": "${{ github.event.repository.name }}", "release_version": "${{ needs.build.outputs.docker_meta_version }}"}'
