From 58b297f731302ef59c70aa17fa51f65d2ba28a06 Mon Sep 17 00:00:00 2001 From: sunny-sidhu-and <97452339+sunny-sidhu-and@users.noreply.github.com> Date: Wed, 9 Aug 2023 16:10:30 +0100 Subject: [PATCH] ER-709: Azure - Stop overriding GitHub Action Permissions (#760) * ER-709: Azure Staging - GitHub Actions Workflow * ER-709: Omit permissions override --------- Co-authored-by: Sunny Sidhu --- .github/workflows/azure-deploy-dev.yml | 5 ----- .github/workflows/azure-deploy-review-teardown.yml | 5 ----- .github/workflows/azure-deploy-review.yml | 5 ----- .github/workflows/azure-deploy-stage.yml | 7 +------ .github/workflows/tf-azure-deploy.yml | 5 ----- 5 files changed, 1 insertion(+), 26 deletions(-) diff --git a/.github/workflows/azure-deploy-dev.yml b/.github/workflows/azure-deploy-dev.yml index aac7ce28c..d5a6d2e0f 100644 --- a/.github/workflows/azure-deploy-dev.yml +++ b/.github/workflows/azure-deploy-dev.yml @@ -19,11 +19,6 @@ on: - terraform-azure/** - uml/* -# Permissions for OIDC authentication -permissions: - id-token: write - contents: read - env: ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} diff --git a/.github/workflows/azure-deploy-review-teardown.yml b/.github/workflows/azure-deploy-review-teardown.yml index 74faefb51..9bfdaef7d 100644 --- a/.github/workflows/azure-deploy-review-teardown.yml +++ b/.github/workflows/azure-deploy-review-teardown.yml @@ -5,11 +5,6 @@ on: types: - closed -# Permissions for OIDC authentication -permissions: - id-token: write - contents: read - env: ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} diff --git a/.github/workflows/azure-deploy-review.yml b/.github/workflows/azure-deploy-review.yml index e2aa8ead6..f177579ca 100644 --- a/.github/workflows/azure-deploy-review.yml +++ b/.github/workflows/azure-deploy-review.yml 
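Review bot: Dropping the workflow-level `permissions:` block in azure-deploy-dev.yml leaves the GITHUB_TOKEN scope to whatever the repository or organisation default is, so the workflow is no longer pinned to `contents: read`. The same removal is repeated in azure-deploy-review-teardown.yml, azure-deploy-review.yml, azure-deploy-stage.yml and tf-azure-deploy.yml. If that default is the permissive read/write setting, every step in these deploy workflows, including third-party actions, runs with a write-capable token. The removed comment says the block existed for OIDC authentication, and requesting an OIDC token needs `id-token: write` granted at workflow or job level; no job-level replacement is visible in these hunks, so confirm the Azure login still obtains its token as intended. If the aim was only to stop a workflow-wide override, declaring `permissions: { id-token: write, contents: read }` on the deploying job would keep least privilege explicit.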
@@ -20,11 +20,6 @@ on: - terraform-azure - uml/* -# Permissions for OIDC authentication -permissions: - id-token: write - contents: read - env: ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} diff --git a/.github/workflows/azure-deploy-stage.yml b/.github/workflows/azure-deploy-stage.yml index 300468a27..2dd813ed3 100644 --- a/.github/workflows/azure-deploy-stage.yml +++ b/.github/workflows/azure-deploy-stage.yml @@ -15,12 +15,7 @@ on: push: tags: - rc* - -# Permissions for OIDC authentication -permissions: - id-token: write - contents: read - + - env: ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} diff --git a/.github/workflows/tf-azure-deploy.yml b/.github/workflows/tf-azure-deploy.yml index d8dcb4de9..9335a79e1 100644 --- a/.github/workflows/tf-azure-deploy.yml +++ b/.github/workflows/tf-azure-deploy.yml @@ -23,11 +23,6 @@ defaults: run: working-directory: ./terraform-azure -# Permissions for OIDC authentication -permissions: - id-token: write - contents: read - env: ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
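Review bot: The single added line in the azure-deploy-stage.yml hunk appears to be whitespace followed by a lone `-`, placed directly after `- rc*`. The diffstat counts 1 insertion and 6 deletions for this file, which fits that reading, and it looks like a leftover edit rather than an intended change. Depending on its indentation it may add an empty entry to the `tags:` filter or stop the workflow from parsing, and either outcome changes when the staging deploy runs. A plain empty line before `env:` is what the other four files end up with. The indentation cannot be recovered from this page, so check the file as committed.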