resolve (#20298)

sarah-witt · web-flow · commit b98891a9568d · 2025-05-15T15:58:56.000+02:00
diff --git a/.github/workflows/flaky-tests.yml b/.github/workflows/flaky-tests.yml
@@ -29,6 +29,12 @@ jobs:
       pytest-args: '-m flaky'
     secrets: inherit
 
+    permissions:
+       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
+       id-token: write
+       # needed for compute-matrix in test-target.yml
+       contents: read
+
   publish-test-results:
     needs:
     - test
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
@@ -28,9 +28,11 @@ jobs:
       pytest-args: '-m "not flaky"'
     secrets: inherit
 
-    # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
     permissions:
+       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
        id-token: write
+       # needed for compute-matrix in test-target.yml
+       contents: read
 
   publish-test-results:
     
diff --git a/.github/workflows/nightly-base-package.yml b/.github/workflows/nightly-base-package.yml
@@ -14,9 +14,11 @@ jobs:
   test:
     uses: ./.github/workflows/test-all.yml
 
-    # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
     permissions:
-      id-token: write
+       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
+       id-token: write
+       # needed for compute-matrix in test-target.yml
+       contents: read
 
     with:
       repo: core
diff --git a/.github/workflows/pr-all.yml b/.github/workflows/pr-all.yml
@@ -18,9 +18,11 @@ jobs:
   test:
     uses: ./.github/workflows/test-all.yml
 
-    # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
     permissions:
-      id-token: write
+       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
+       id-token: write
+       # needed for compute-matrix in test-target.yml
+       contents: read
 
     with:
       repo: core
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -23,6 +23,8 @@ jobs:
       repo: core
     secrets: inherit
 
-    # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
     permissions:
-      id-token: write
+       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
+       id-token: write
+       # needed for compute-matrix in test-target.yml
+       contents: read
diff --git a/.github/workflows/test-agent.yml b/.github/workflows/test-agent.yml
@@ -49,6 +49,11 @@ jobs:
       agent-image-windows: "${{ inputs.agent-image-windows }}"
       agent-image-windows-py2: "${{ inputs.agent-image-windows-py2 }}"
     secrets: inherit
+    permissions:
+       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
+       id-token: write
+       # needed for compute-matrix in test-target.yml
+       contents: read
 
   submit-traces:
     needs:
diff --git a/.github/workflows/test-fips-e2e.yml b/.github/workflows/test-fips-e2e.yml
@@ -45,9 +45,11 @@ jobs:
       TRACE_CAPTURE_BASE_DIR: "trace-captures"
       TRACE_CAPTURE_LOG: "trace-captures/output.log"
 
-    # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
     permissions:
-      id-token: write
+       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
+       id-token: write
+       # needed for compute-matrix in test-target.yml
+       contents: read
 
     steps:
 
diff --git a/.github/workflows/test-target.yml b/.github/workflows/test-target.yml
@@ -114,9 +114,11 @@ jobs:
       TRACE_CAPTURE_BASE_DIR: "trace-captures"
       TRACE_CAPTURE_LOG: "trace-captures/output.log"
 
-    # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
     permissions:
-        id-token: write
+       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
+       id-token: write
+       # needed for compute-matrix in test-target.yml
+       contents: read
     steps:
 
     - name: Set environment variables with sanitized paths
diff --git a/.github/workflows/weekly-latest.yml b/.github/workflows/weekly-latest.yml
@@ -14,6 +14,11 @@ jobs:
       # Options
       latest: true
     secrets: inherit
+    permissions:
+       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
+       id-token: write
+       # needed for compute-matrix in test-target.yml
+       contents: read
 
   submit-traces:
     needs:
