From af127a922293b67046c60b1d325aca8142303bd6 Mon Sep 17 00:00:00 2001
From: Erik Jaegervall <30996601+erikbosch@users.noreply.github.com>
Date: Thu, 13 Jun 2024 09:30:19 +0200
Subject: [PATCH] Give job write permission (#56)

Also updating dependency to get rid of Node.js 16 actions
Also updating timelimit to consider long-time builds
---
 .github/workflows/ci.yml             |  2 +-
 src/cpp-app/workflows/release.yml    | 16 +++++++++++++---
 src/python-app/workflows/release.yml |  9 +++++++--
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 06bd7cc..44276da 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -73,7 +73,7 @@ jobs:
           git config --global --add safe.directory $( pwd )
 
       - name: Identify changes in devenv repo
-        uses: dorny/paths-filter@v2
+        uses: dorny/paths-filter@v3
         id: changesInPath
         with:
           filters: |
diff --git a/src/cpp-app/workflows/release.yml b/src/cpp-app/workflows/release.yml
index 8c72063..6e4845a 100644
--- a/src/cpp-app/workflows/release.yml
+++ b/src/cpp-app/workflows/release.yml
@@ -18,6 +18,11 @@ on:
   release:
     types: [published, edited]
 
+# Needed if GITHUB_TOKEN by default do not have right to create release
+permissions:
+  contents: write
+  packages: write
+
 jobs:
 
   get-app-name:
@@ -76,7 +81,12 @@ jobs:
         with:
           checkName: Merge Trivy results
           token: ${{ secrets.GITHUB_TOKEN }}
-          timeoutSeconds: 1800
+          # This workflow does not trigger a build, instead it relies on that a successful build
+          # exists for this commit. If triggering this workflow just after a new commit has been
+          # uploaded we will need to wait for the "Merge Trivy results" to finish
+          # Building the default C++ App on Github may take long time, 70 minutes observed
+          # Setting limit to 100 minutes to have some margin
+          timeoutSeconds: 6000
           intervalSeconds: 20
 
       - name: Download builds from Build multiarch image workflow artifacts
@@ -145,7 +155,7 @@ jobs:
           path: generated_md
 
       - name: Setup Hugo
-        uses: peaceiris/actions-hugo@v2
+        uses: peaceiris/actions-hugo@v3
         with:
           hugo-version: "0.89.4"
           extended: true
@@ -222,7 +232,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Publish to GH Pages
-        uses: peaceiris/actions-gh-pages@v3
+        uses: peaceiris/actions-gh-pages@v4
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_dir: ${{github.workspace}}/hugo/public
diff --git a/src/python-app/workflows/release.yml b/src/python-app/workflows/release.yml
index b3115a2..af1435f 100644
--- a/src/python-app/workflows/release.yml
+++ b/src/python-app/workflows/release.yml
@@ -18,6 +18,11 @@ on:
   release:
     types: [published, edited]
 
+# Needed if GITHUB_TOKEN by default do not have right to create release
+permissions:
+  contents: write
+  packages: write
+
 jobs:
 
   get-app-name:
@@ -162,7 +167,7 @@ jobs:
           templatePath: ./.github/actions/templates
 
       - name: Setup Hugo
-        uses: peaceiris/actions-hugo@v2
+        uses: peaceiris/actions-hugo@v3
         with:
           hugo-version: "0.89.4"
           extended: true
@@ -242,7 +247,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Publish to GH Pages
-        uses: peaceiris/actions-gh-pages@v3
+        uses: peaceiris/actions-gh-pages@v4
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_dir: ${{github.workspace}}/hugo/public