diff --git a/.github/workflows/avm.res.analysis-services.server.yml b/.github/workflows/avm.res.analysis-services.server.yml index 91269939d3..d4fb75c88c 100644 --- a/.github/workflows/avm.res.analysis-services.server.yml +++ b/.github/workflows/avm.res.analysis-services.server.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.api-management.service.yml b/.github/workflows/avm.res.api-management.service.yml index 7167b2cfe5..e076b66d14 100644 --- a/.github/workflows/avm.res.api-management.service.yml +++ b/.github/workflows/avm.res.api-management.service.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.app.container-app.yml b/.github/workflows/avm.res.app.container-app.yml index ce37875211..ebe9a53b02 100644 --- a/.github/workflows/avm.res.app.container-app.yml +++ b/.github/workflows/avm.res.app.container-app.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -71,7 +70,10 @@ jobs: # Call reusable workflow # ############################## call-workflow-passing-data: - name: "Module" + name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.app.managed-environment.yml b/.github/workflows/avm.res.app.managed-environment.yml index 181cad0eb7..1abf7ed421 100644 --- a/.github/workflows/avm.res.app.managed-environment.yml +++ b/.github/workflows/avm.res.app.managed-environment.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -71,7 +70,10 @@ jobs: # Call reusable workflow # ############################## call-workflow-passing-data: - name: "Module" + name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.automation.automation-account.yml b/.github/workflows/avm.res.automation.automation-account.yml index 723678d25f..4b1c846214 100644 --- a/.github/workflows/avm.res.automation.automation-account.yml +++ b/.github/workflows/avm.res.automation.automation-account.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.batch.batch-account.yml b/.github/workflows/avm.res.batch.batch-account.yml index c273da81e1..bc2c84337b 100644 --- a/.github/workflows/avm.res.batch.batch-account.yml +++ b/.github/workflows/avm.res.batch.batch-account.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.cache.redis.yml b/.github/workflows/avm.res.cache.redis.yml index af698f3a67..27878ecb1c 100644 --- a/.github/workflows/avm.res.cache.redis.yml +++ b/.github/workflows/avm.res.cache.redis.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.cognitive-services.account.yml b/.github/workflows/avm.res.cognitive-services.account.yml index f0ccf35524..7ce13dc9e0 100644 --- a/.github/workflows/avm.res.cognitive-services.account.yml +++ b/.github/workflows/avm.res.cognitive-services.account.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.compute.availability-set.yml b/.github/workflows/avm.res.compute.availability-set.yml index ffac2bd040..954ad6d863 100644 --- a/.github/workflows/avm.res.compute.availability-set.yml +++ b/.github/workflows/avm.res.compute.availability-set.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.compute.disk-encryption-set.yml b/.github/workflows/avm.res.compute.disk-encryption-set.yml index 7cb2062e38..6ebcb587cb 100644 --- a/.github/workflows/avm.res.compute.disk-encryption-set.yml +++ b/.github/workflows/avm.res.compute.disk-encryption-set.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.compute.disk.yml b/.github/workflows/avm.res.compute.disk.yml index 655ecd505f..e7ffab5ca5 100644 --- a/.github/workflows/avm.res.compute.disk.yml +++ b/.github/workflows/avm.res.compute.disk.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.compute.gallery.yml b/.github/workflows/avm.res.compute.gallery.yml index 3b0ac41f9f..234cb2df96 100644 --- a/.github/workflows/avm.res.compute.gallery.yml +++ b/.github/workflows/avm.res.compute.gallery.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.compute.image.yml b/.github/workflows/avm.res.compute.image.yml index bd2660c54f..cb9f4a0ea8 100644 --- a/.github/workflows/avm.res.compute.image.yml +++ b/.github/workflows/avm.res.compute.image.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.compute.proximity-placement-group.yml b/.github/workflows/avm.res.compute.proximity-placement-group.yml index 4ac58ccad9..d5c7c38252 100644 --- a/.github/workflows/avm.res.compute.proximity-placement-group.yml +++ b/.github/workflows/avm.res.compute.proximity-placement-group.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.compute.ssh-public-key.yml b/.github/workflows/avm.res.compute.ssh-public-key.yml index 29ce626d08..b4a494abaf 100644 --- a/.github/workflows/avm.res.compute.ssh-public-key.yml +++ b/.github/workflows/avm.res.compute.ssh-public-key.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.compute.virtual-machine.yml b/.github/workflows/avm.res.compute.virtual-machine.yml index 7127a3fdd8..5e831a9034 100644 --- a/.github/workflows/avm.res.compute.virtual-machine.yml +++ b/.github/workflows/avm.res.compute.virtual-machine.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.consumption.budget.yml b/.github/workflows/avm.res.consumption.budget.yml index 8ac628e2ab..f93a5da2d3 100644 --- a/.github/workflows/avm.res.consumption.budget.yml +++ b/.github/workflows/avm.res.consumption.budget.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.container-registry.registry.yml b/.github/workflows/avm.res.container-registry.registry.yml index efae26aaed..d7e65d9705 100644 --- a/.github/workflows/avm.res.container-registry.registry.yml +++ b/.github/workflows/avm.res.container-registry.registry.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.container-service.managed-cluster.yml b/.github/workflows/avm.res.container-service.managed-cluster.yml index a2eb2dd467..d2ab01232f 100644 --- a/.github/workflows/avm.res.container-service.managed-cluster.yml +++ b/.github/workflows/avm.res.container-service.managed-cluster.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -71,7 +70,10 @@ jobs: # Call reusable workflow # ############################## call-workflow-passing-data: - name: "Module" + name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.data-factory.factory.yml b/.github/workflows/avm.res.data-factory.factory.yml index 1573643157..ce1f6e6402 100644 --- a/.github/workflows/avm.res.data-factory.factory.yml +++ b/.github/workflows/avm.res.data-factory.factory.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.data-protection.backup-vault.yml b/.github/workflows/avm.res.data-protection.backup-vault.yml index 2daff5bff2..4f43ab3885 100644 --- a/.github/workflows/avm.res.data-protection.backup-vault.yml +++ b/.github/workflows/avm.res.data-protection.backup-vault.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.databricks.access-connector.yml b/.github/workflows/avm.res.databricks.access-connector.yml index 95371deef7..5b672a4384 100644 --- a/.github/workflows/avm.res.databricks.access-connector.yml +++ b/.github/workflows/avm.res.databricks.access-connector.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.databricks.workspace.yml b/.github/workflows/avm.res.databricks.workspace.yml index acc3945634..e9a182ba0f 100644 --- a/.github/workflows/avm.res.databricks.workspace.yml +++ b/.github/workflows/avm.res.databricks.workspace.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.db-for-my-sql.flexible-server.yml b/.github/workflows/avm.res.db-for-my-sql.flexible-server.yml index de2784a190..67f321a9de 100644 --- a/.github/workflows/avm.res.db-for-my-sql.flexible-server.yml +++ b/.github/workflows/avm.res.db-for-my-sql.flexible-server.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.db-for-postgre-sql.flexible-server.yml b/.github/workflows/avm.res.db-for-postgre-sql.flexible-server.yml index 5ceb5ec41a..95e584231b 100644 --- a/.github/workflows/avm.res.db-for-postgre-sql.flexible-server.yml +++ b/.github/workflows/avm.res.db-for-postgre-sql.flexible-server.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.desktop-virtualization.application-group.yml b/.github/workflows/avm.res.desktop-virtualization.application-group.yml index b3e2624566..f3392cacf2 100644 --- a/.github/workflows/avm.res.desktop-virtualization.application-group.yml +++ b/.github/workflows/avm.res.desktop-virtualization.application-group.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.desktop-virtualization.scaling-plan.yml b/.github/workflows/avm.res.desktop-virtualization.scaling-plan.yml index f6bd3f9be4..de7552a17a 100644 --- a/.github/workflows/avm.res.desktop-virtualization.scaling-plan.yml +++ b/.github/workflows/avm.res.desktop-virtualization.scaling-plan.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.document-db.database-account.yml b/.github/workflows/avm.res.document-db.database-account.yml index 4f407adf88..9ddf9963a7 100644 --- a/.github/workflows/avm.res.document-db.database-account.yml +++ b/.github/workflows/avm.res.document-db.database-account.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.event-grid.domain.yml b/.github/workflows/avm.res.event-grid.domain.yml index 1536a406b7..805d86382a 100644 --- a/.github/workflows/avm.res.event-grid.domain.yml +++ b/.github/workflows/avm.res.event-grid.domain.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.event-grid.system-topic.yml b/.github/workflows/avm.res.event-grid.system-topic.yml index 30fcb4ee9c..4098fe7bb3 100644 --- a/.github/workflows/avm.res.event-grid.system-topic.yml +++ b/.github/workflows/avm.res.event-grid.system-topic.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.event-grid.topic.yml b/.github/workflows/avm.res.event-grid.topic.yml index dc16b2a7a5..4a698ff8d4 100644 --- a/.github/workflows/avm.res.event-grid.topic.yml +++ b/.github/workflows/avm.res.event-grid.topic.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.health-bot.health-bot.yml b/.github/workflows/avm.res.health-bot.health-bot.yml index 292d0b255e..fbe7dd559c 100644 --- a/.github/workflows/avm.res.health-bot.health-bot.yml +++ b/.github/workflows/avm.res.health-bot.health-bot.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.insights.action-group.yml b/.github/workflows/avm.res.insights.action-group.yml index dc40921b56..de5630285f 100644 --- a/.github/workflows/avm.res.insights.action-group.yml +++ b/.github/workflows/avm.res.insights.action-group.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.insights.activity-log-alert.yml b/.github/workflows/avm.res.insights.activity-log-alert.yml index fe2d36215f..dc088352d5 100644 --- a/.github/workflows/avm.res.insights.activity-log-alert.yml +++ b/.github/workflows/avm.res.insights.activity-log-alert.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.insights.component.yml b/.github/workflows/avm.res.insights.component.yml index bd2778fa42..877f4d4440 100644 --- a/.github/workflows/avm.res.insights.component.yml +++ b/.github/workflows/avm.res.insights.component.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.insights.data-collection-endpoint.yml b/.github/workflows/avm.res.insights.data-collection-endpoint.yml index b3c882c92b..11af5da538 100644 --- a/.github/workflows/avm.res.insights.data-collection-endpoint.yml +++ b/.github/workflows/avm.res.insights.data-collection-endpoint.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.insights.data-collection-rule.yml b/.github/workflows/avm.res.insights.data-collection-rule.yml index 690bfad44e..4e1a5ba34f 100644 --- a/.github/workflows/avm.res.insights.data-collection-rule.yml +++ b/.github/workflows/avm.res.insights.data-collection-rule.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.insights.diagnostic-setting.yml b/.github/workflows/avm.res.insights.diagnostic-setting.yml index d2cb23c00a..04a17f3706 100644 --- a/.github/workflows/avm.res.insights.diagnostic-setting.yml +++ b/.github/workflows/avm.res.insights.diagnostic-setting.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.insights.metric-alert.yml b/.github/workflows/avm.res.insights.metric-alert.yml index 53bc687320..7b45d7709c 100644 --- a/.github/workflows/avm.res.insights.metric-alert.yml +++ b/.github/workflows/avm.res.insights.metric-alert.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.insights.scheduled-query-rule.yml b/.github/workflows/avm.res.insights.scheduled-query-rule.yml index 1acc4275e0..95f4e28d9f 100644 --- a/.github/workflows/avm.res.insights.scheduled-query-rule.yml +++ b/.github/workflows/avm.res.insights.scheduled-query-rule.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.insights.webtest.yml b/.github/workflows/avm.res.insights.webtest.yml index f7060f7144..169f66747e 100644 --- a/.github/workflows/avm.res.insights.webtest.yml +++ b/.github/workflows/avm.res.insights.webtest.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.key-vault.vault.yml b/.github/workflows/avm.res.key-vault.vault.yml index 489f216068..35c2a196ca 100644 --- a/.github/workflows/avm.res.key-vault.vault.yml +++ b/.github/workflows/avm.res.key-vault.vault.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.kubernetes-configuration.extension.yml b/.github/workflows/avm.res.kubernetes-configuration.extension.yml index 7130c14889..255370b8c4 100644 --- a/.github/workflows/avm.res.kubernetes-configuration.extension.yml +++ b/.github/workflows/avm.res.kubernetes-configuration.extension.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.kubernetes-configuration.flux-configuration.yml b/.github/workflows/avm.res.kubernetes-configuration.flux-configuration.yml index 3fbff8c764..e00e543251 100644 --- a/.github/workflows/avm.res.kubernetes-configuration.flux-configuration.yml +++ b/.github/workflows/avm.res.kubernetes-configuration.flux-configuration.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.logic.workflow.yml b/.github/workflows/avm.res.logic.workflow.yml index 3ab29fde16..c5c823eb5e 100644 --- a/.github/workflows/avm.res.logic.workflow.yml +++ b/.github/workflows/avm.res.logic.workflow.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.maintenance.maintenance-configuration.yml b/.github/workflows/avm.res.maintenance.maintenance-configuration.yml index e832984ac4..9ba597eb51 100644 --- a/.github/workflows/avm.res.maintenance.maintenance-configuration.yml +++ b/.github/workflows/avm.res.maintenance.maintenance-configuration.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.managed-identity.user-assigned-identity.yml b/.github/workflows/avm.res.managed-identity.user-assigned-identity.yml index e8a11686d4..4c953bb184 100644 --- a/.github/workflows/avm.res.managed-identity.user-assigned-identity.yml +++ b/.github/workflows/avm.res.managed-identity.user-assigned-identity.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.net-app.net-app-account.yml b/.github/workflows/avm.res.net-app.net-app-account.yml index 8eabd526d2..983aa5bf30 100644 --- a/.github/workflows/avm.res.net-app.net-app-account.yml +++ b/.github/workflows/avm.res.net-app.net-app-account.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.application-security-group.yml b/.github/workflows/avm.res.network.application-security-group.yml index 249d5e6934..c4cad4cf66 100644 --- a/.github/workflows/avm.res.network.application-security-group.yml +++ b/.github/workflows/avm.res.network.application-security-group.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.bastion-host.yml b/.github/workflows/avm.res.network.bastion-host.yml index 26845eb1e7..6dd2ecf7cf 100644 --- a/.github/workflows/avm.res.network.bastion-host.yml +++ b/.github/workflows/avm.res.network.bastion-host.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.connection.yml b/.github/workflows/avm.res.network.connection.yml index 30739b985b..4c7108516f 100644 --- a/.github/workflows/avm.res.network.connection.yml +++ b/.github/workflows/avm.res.network.connection.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.ddos-protection-plan.yml b/.github/workflows/avm.res.network.ddos-protection-plan.yml index 16865930a0..6007a83daf 100644 --- a/.github/workflows/avm.res.network.ddos-protection-plan.yml +++ b/.github/workflows/avm.res.network.ddos-protection-plan.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.dns-forwarding-ruleset.yml b/.github/workflows/avm.res.network.dns-forwarding-ruleset.yml index 6af4d63f36..14831d3af5 100644 --- a/.github/workflows/avm.res.network.dns-forwarding-ruleset.yml +++ b/.github/workflows/avm.res.network.dns-forwarding-ruleset.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.dns-resolver.yml b/.github/workflows/avm.res.network.dns-resolver.yml index 0876340400..00ade7479a 100644 --- a/.github/workflows/avm.res.network.dns-resolver.yml +++ b/.github/workflows/avm.res.network.dns-resolver.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.dns-zone.yml b/.github/workflows/avm.res.network.dns-zone.yml index 2f61dd3e20..4249d6a6bb 100644 --- a/.github/workflows/avm.res.network.dns-zone.yml +++ b/.github/workflows/avm.res.network.dns-zone.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.express-route-circuit.yml b/.github/workflows/avm.res.network.express-route-circuit.yml index 4f8773ba12..05a6f9a77a 100644 --- a/.github/workflows/avm.res.network.express-route-circuit.yml +++ b/.github/workflows/avm.res.network.express-route-circuit.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.express-route-gateway.yml b/.github/workflows/avm.res.network.express-route-gateway.yml index e5a6b555ed..32ee0d53fd 100644 --- a/.github/workflows/avm.res.network.express-route-gateway.yml +++ b/.github/workflows/avm.res.network.express-route-gateway.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.firewall-policy.yml b/.github/workflows/avm.res.network.firewall-policy.yml index 5279706f7b..297f00f196 100644 --- a/.github/workflows/avm.res.network.firewall-policy.yml +++ b/.github/workflows/avm.res.network.firewall-policy.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.front-door-web-application-firewall-policy.yml b/.github/workflows/avm.res.network.front-door-web-application-firewall-policy.yml index b060d5bbd2..cce205fd07 100644 --- a/.github/workflows/avm.res.network.front-door-web-application-firewall-policy.yml +++ b/.github/workflows/avm.res.network.front-door-web-application-firewall-policy.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.front-door.yml b/.github/workflows/avm.res.network.front-door.yml index 1e5d911076..7e9c2b065c 100644 --- a/.github/workflows/avm.res.network.front-door.yml +++ b/.github/workflows/avm.res.network.front-door.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.load-balancer.yml b/.github/workflows/avm.res.network.load-balancer.yml index 8372a46550..b7b9c2c9e7 100644 --- a/.github/workflows/avm.res.network.load-balancer.yml +++ b/.github/workflows/avm.res.network.load-balancer.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.local-network-gateway.yml b/.github/workflows/avm.res.network.local-network-gateway.yml index 308c94c182..7a5d795615 100644 --- a/.github/workflows/avm.res.network.local-network-gateway.yml +++ b/.github/workflows/avm.res.network.local-network-gateway.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.nat-gateway.yml b/.github/workflows/avm.res.network.nat-gateway.yml index 492c3f09d1..ae2862141e 100644 --- a/.github/workflows/avm.res.network.nat-gateway.yml +++ b/.github/workflows/avm.res.network.nat-gateway.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -71,7 +70,10 @@ jobs: # Call reusable workflow # ############################## call-workflow-passing-data: - name: "Module" + name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.network-interface.yml b/.github/workflows/avm.res.network.network-interface.yml index 990716e4ce..39687b1d28 100644 --- a/.github/workflows/avm.res.network.network-interface.yml +++ b/.github/workflows/avm.res.network.network-interface.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.network-security-group.yml b/.github/workflows/avm.res.network.network-security-group.yml index 37f10e3260..bb8af63b9b 100644 --- a/.github/workflows/avm.res.network.network-security-group.yml +++ b/.github/workflows/avm.res.network.network-security-group.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.private-dns-zone.yml b/.github/workflows/avm.res.network.private-dns-zone.yml index f676fe1d85..767024712f 100644 --- a/.github/workflows/avm.res.network.private-dns-zone.yml +++ b/.github/workflows/avm.res.network.private-dns-zone.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.private-endpoint.yml b/.github/workflows/avm.res.network.private-endpoint.yml index 26342bef74..e833da872f 100644 --- a/.github/workflows/avm.res.network.private-endpoint.yml +++ b/.github/workflows/avm.res.network.private-endpoint.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.public-ip-address.yml b/.github/workflows/avm.res.network.public-ip-address.yml index b49c78f72a..2bdc24293d 100644 --- a/.github/workflows/avm.res.network.public-ip-address.yml +++ b/.github/workflows/avm.res.network.public-ip-address.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.public-ip-prefix.yml b/.github/workflows/avm.res.network.public-ip-prefix.yml index dda5497914..862a95a251 100644 --- a/.github/workflows/avm.res.network.public-ip-prefix.yml +++ b/.github/workflows/avm.res.network.public-ip-prefix.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.route-table.yml b/.github/workflows/avm.res.network.route-table.yml index 3008e69f13..d287d86799 100644 --- a/.github/workflows/avm.res.network.route-table.yml +++ b/.github/workflows/avm.res.network.route-table.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.trafficmanagerprofile.yml b/.github/workflows/avm.res.network.trafficmanagerprofile.yml index ffbde12777..9cdaa3afdd 100644 --- a/.github/workflows/avm.res.network.trafficmanagerprofile.yml +++ b/.github/workflows/avm.res.network.trafficmanagerprofile.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.virtual-network-gateway.yml b/.github/workflows/avm.res.network.virtual-network-gateway.yml index 6090d0ccce..f72cd8ec3b 100644 --- a/.github/workflows/avm.res.network.virtual-network-gateway.yml +++ b/.github/workflows/avm.res.network.virtual-network-gateway.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.virtual-network.yml b/.github/workflows/avm.res.network.virtual-network.yml index d4135cfeee..5162d2e3dd 100644 --- a/.github/workflows/avm.res.network.virtual-network.yml +++ b/.github/workflows/avm.res.network.virtual-network.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.vpn-gateway.yml b/.github/workflows/avm.res.network.vpn-gateway.yml index 9b830e2feb..7d38ba8802 100644 --- a/.github/workflows/avm.res.network.vpn-gateway.yml +++ b/.github/workflows/avm.res.network.vpn-gateway.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.network.vpn-site.yml b/.github/workflows/avm.res.network.vpn-site.yml index d6590ba2c6..b80c8d13f8 100644 --- a/.github/workflows/avm.res.network.vpn-site.yml +++ b/.github/workflows/avm.res.network.vpn-site.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.operational-insights.workspace.yml b/.github/workflows/avm.res.operational-insights.workspace.yml index 9b1d0c0d95..3eff0bc498 100644 --- a/.github/workflows/avm.res.operational-insights.workspace.yml +++ b/.github/workflows/avm.res.operational-insights.workspace.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.operations-management.solution.yml b/.github/workflows/avm.res.operations-management.solution.yml index 269a392869..29224ff36f 100644 --- a/.github/workflows/avm.res.operations-management.solution.yml +++ b/.github/workflows/avm.res.operations-management.solution.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.power-bi-dedicated.capacity.yml b/.github/workflows/avm.res.power-bi-dedicated.capacity.yml index 55da3cefa0..23fcce45cc 100644 --- a/.github/workflows/avm.res.power-bi-dedicated.capacity.yml +++ b/.github/workflows/avm.res.power-bi-dedicated.capacity.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.resource-graph.query.yml b/.github/workflows/avm.res.resource-graph.query.yml index f4616927ea..3a4d5a2c9b 100644 --- a/.github/workflows/avm.res.resource-graph.query.yml +++ b/.github/workflows/avm.res.resource-graph.query.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.resources.deployment-script.yml b/.github/workflows/avm.res.resources.deployment-script.yml index 87ebb210d8..1169625faa 100644 --- a/.github/workflows/avm.res.resources.deployment-script.yml +++ b/.github/workflows/avm.res.resources.deployment-script.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.resources.resource-group.yml b/.github/workflows/avm.res.resources.resource-group.yml index 9c0d5f1f89..aeededb915 100644 --- a/.github/workflows/avm.res.resources.resource-group.yml +++ b/.github/workflows/avm.res.resources.resource-group.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.search.search-service.yml b/.github/workflows/avm.res.search.search-service.yml index b71d10cdfd..6b6139d7ee 100644 --- a/.github/workflows/avm.res.search.search-service.yml +++ b/.github/workflows/avm.res.search.search-service.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.service-bus.namespace.yml b/.github/workflows/avm.res.service-bus.namespace.yml index d3dd45d9ec..3fb712c511 100644 --- a/.github/workflows/avm.res.service-bus.namespace.yml +++ b/.github/workflows/avm.res.service-bus.namespace.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.sql.server.yml b/.github/workflows/avm.res.sql.server.yml index 860972c5f8..af8118e4a7 100644 --- a/.github/workflows/avm.res.sql.server.yml +++ b/.github/workflows/avm.res.sql.server.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.storage.storage-account.yml b/.github/workflows/avm.res.storage.storage-account.yml index d6c72b0bdd..3b39de874a 100644 --- a/.github/workflows/avm.res.storage.storage-account.yml +++ b/.github/workflows/avm.res.storage.storage-account.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.web.serverfarm.yml b/.github/workflows/avm.res.web.serverfarm.yml index eccac95c47..18071040a0 100644 --- a/.github/workflows/avm.res.web.serverfarm.yml +++ b/.github/workflows/avm.res.web.serverfarm.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.web.site.yml b/.github/workflows/avm.res.web.site.yml index 20395f7a61..05714787a4 100644 --- a/.github/workflows/avm.res.web.site.yml +++ b/.github/workflows/avm.res.web.site.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.res.web.static-site.yml b/.github/workflows/avm.res.web.static-site.yml index 71c245fd0f..e55d55bcfc 100644 --- a/.github/workflows/avm.res.web.static-site.yml +++ b/.github/workflows/avm.res.web.static-site.yml @@ -20,7 +20,6 @@ on: description: "Remove deployed module" required: false default: true - push: branches: - main @@ -72,6 +71,9 @@ jobs: ############################## call-workflow-passing-data: name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags needs: - job_initialize_pipeline uses: ./.github/workflows/avm.template.module.yml diff --git a/.github/workflows/avm.template.module.yml b/.github/workflows/avm.template.module.yml index 8629d675fe..48fe6ab9f6 100644 --- a/.github/workflows/avm.template.module.yml +++ b/.github/workflows/avm.template.module.yml @@ -20,10 +20,6 @@ on: description: "Relative path to the module folder" required: true -permissions: - id-token: write # For OIDC - contents: write # For release tags - env: ARM_SUBSCRIPTION_ID: "${{ secrets.ARM_SUBSCRIPTION_ID }}" ARM_MGMTGROUP_ID: "${{ secrets.ARM_MGMTGROUP_ID }}"