fix: give token write perms to sync-submodules (#519)

Issue #, if available: *Description of changes:* *Testing done:* - [X] I've reviewed the guidance in CONTRIBUTING.md #### License Acceptance By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. Signed-off-by: Gavin Inglis <giinglis@amazon.com>
runfinch · Aug 4, 2023 · 8b639ea · 8b639ea
1 parent b67452e
commit 8b639ea
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/.github/workflows/sync-submodules-and-deps.yaml b/.github/workflows/sync-submodules-and-deps.yaml
@@ -6,6 +6,12 @@ on:
     - cron: '0 9 * * *'
   workflow_dispatch:
 
+permissions:
+  # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
+  # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
+  id-token: write
+  contents: write
+
 jobs:
   update:
     runs-on: ubuntu-latest