From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Fri, 22 Mar 2024 12:33:44 +0000 (-0400)
Subject: Allow build-tags to run on forks
X-Git-Tag: rec-5.1.0-alpha1~97^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c4888c19d4997d7e443c6ad4953e716ee5429b0;p=thirdparty%2Fpdns.git

Allow build-tags to run on forks

build-tags uses: PowerDNS/pdns/.github/workflows/build-packages.yml@master
As of f107ec62467b8779db9bbdb175721ef232ed52e5, that workflow requires:

    permissions:
      actions: read   # To read the workflow path.
      id-token: write # To sign the provenance.
      contents: write # To be able to upload assets as release artifacts

Per https://docs.github.com/en/actions/using-workflows/reusing-workflows
in order for this to work, the calling job (in build-tags) needs to
have the maximum required permissions in order for the calling workflow
to be run.
---

diff --git a/.github/workflows/build-tags.yml b/.github/workflows/build-tags.yml
index 6431ec9d5f..cccb4d5cad 100644
--- a/.github/workflows/build-tags.yml
+++ b/.github/workflows/build-tags.yml
@@ -8,6 +8,11 @@ on:
     - 'dnsdist-*'
     - 'rec-*'
 
+permissions:
+  actions: read
+  id-token: write
+  contents: write
+
 jobs:
   call-build-packages-auth:
     uses: PowerDNS/pdns/.github/workflows/build-packages.yml@master