diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-bridge.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-bridge.yml index 4071e841e4..9b01c101ca 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-bridge.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-bridge.yml @@ -49,9 +49,16 @@ on: required: false type: boolean default: false + +permissions: + contents: write + issues: write + pull-requests: write + env: - GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + jobs: upgrade_provider: name: upgrade-provider diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-provider.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-provider.yml index eecf430e17..6a70d257ba 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-provider.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-provider.yml @@ -16,9 +16,15 @@ on: # 3 AM UTC ~ 8 PM PDT / 7 PM PST daily. Time chosen to run during off hours. - cron: 0 3 * * * +permissions: + contents: write + issues: write + pull-requests: write + env: - GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + jobs: upgrade_provider: name: upgrade-provider diff --git a/provider-ci/test-providers/acme/.github/workflows/upgrade-bridge.yml b/provider-ci/test-providers/acme/.github/workflows/upgrade-bridge.yml index a47be8c6fd..a1d51ec286 100644 --- a/provider-ci/test-providers/acme/.github/workflows/upgrade-bridge.yml +++ b/provider-ci/test-providers/acme/.github/workflows/upgrade-bridge.yml @@ -49,9 +49,16 @@ on: required: false type: boolean default: false + +permissions: + contents: write + issues: write + pull-requests: write + env: - GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + jobs: upgrade_provider: name: upgrade-provider diff --git a/provider-ci/test-providers/acme/.github/workflows/upgrade-provider.yml b/provider-ci/test-providers/acme/.github/workflows/upgrade-provider.yml index e47d3bdefa..0f8fd1c7e2 100644 --- a/provider-ci/test-providers/acme/.github/workflows/upgrade-provider.yml +++ b/provider-ci/test-providers/acme/.github/workflows/upgrade-provider.yml @@ -15,9 +15,15 @@ on: # 3 AM UTC ~ 8 PM PDT / 7 PM PST daily. Time chosen to run during off hours. - cron: 0 3 * * * +permissions: + contents: write + issues: write + pull-requests: write + env: - GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + jobs: upgrade_provider: name: upgrade-provider diff --git a/provider-ci/test-providers/aws/.github/workflows/upgrade-bridge.yml b/provider-ci/test-providers/aws/.github/workflows/upgrade-bridge.yml index 22d119a457..62a649403a 100644 --- a/provider-ci/test-providers/aws/.github/workflows/upgrade-bridge.yml +++ b/provider-ci/test-providers/aws/.github/workflows/upgrade-bridge.yml @@ -49,9 +49,16 @@ on: required: false type: boolean default: false + +permissions: + contents: write + issues: write + pull-requests: write + env: - GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + jobs: upgrade_provider: name: upgrade-provider diff --git a/provider-ci/test-providers/aws/.github/workflows/upgrade-provider.yml b/provider-ci/test-providers/aws/.github/workflows/upgrade-provider.yml index d82cf7faea..80fd140fb8 100644 --- a/provider-ci/test-providers/aws/.github/workflows/upgrade-provider.yml +++ b/provider-ci/test-providers/aws/.github/workflows/upgrade-provider.yml @@ -15,9 +15,15 @@ on: # 3 AM UTC ~ 8 PM PDT / 7 PM PST daily. Time chosen to run during off hours. - cron: 0 3 * * * +permissions: + contents: write + issues: write + pull-requests: write + env: - GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + jobs: upgrade_provider: name: upgrade-provider diff --git a/provider-ci/test-providers/cloudflare/.github/workflows/upgrade-bridge.yml b/provider-ci/test-providers/cloudflare/.github/workflows/upgrade-bridge.yml index 639cbed527..87e22025bd 100644 --- a/provider-ci/test-providers/cloudflare/.github/workflows/upgrade-bridge.yml +++ b/provider-ci/test-providers/cloudflare/.github/workflows/upgrade-bridge.yml @@ -49,9 +49,16 @@ on: required: false type: boolean default: false + +permissions: + contents: write + issues: write + pull-requests: write + env: - GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + jobs: upgrade_provider: name: upgrade-provider diff --git a/provider-ci/test-providers/docker/.github/workflows/upgrade-bridge.yml b/provider-ci/test-providers/docker/.github/workflows/upgrade-bridge.yml index 639cbed527..87e22025bd 100644 --- a/provider-ci/test-providers/docker/.github/workflows/upgrade-bridge.yml +++ b/provider-ci/test-providers/docker/.github/workflows/upgrade-bridge.yml @@ -49,9 +49,16 @@ on: required: false type: boolean default: false + +permissions: + contents: write + issues: write + pull-requests: write + env: - GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + jobs: upgrade_provider: name: upgrade-provider diff --git a/provider-ci/test-providers/docker/.github/workflows/upgrade-provider.yml b/provider-ci/test-providers/docker/.github/workflows/upgrade-provider.yml index 7d0056bce5..ae5dd57039 100644 --- a/provider-ci/test-providers/docker/.github/workflows/upgrade-provider.yml +++ b/provider-ci/test-providers/docker/.github/workflows/upgrade-provider.yml @@ -15,9 +15,15 @@ on: # 3 AM UTC ~ 8 PM PDT / 7 PM PST daily. Time chosen to run during off hours. - cron: 0 3 * * * +permissions: + contents: write + issues: write + pull-requests: write + env: - GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + jobs: upgrade_provider: name: upgrade-provider