From f4373bf15db9008e50f910e01a279eee6dcee4a4 Mon Sep 17 00:00:00 2001
From: Antonis Stamatiou <stamatiou.antonis@gmail.com>
Date: Wed, 22 Mar 2023 11:47:53 +0200
Subject: [PATCH] fix(ci): Hotfix permissions for trivy push and docker login
 (#346)

---
 .github/workflows/cd.yml | 8 ++++++--
 .github/workflows/ci.yml | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 94b19e55..03bea88a 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -24,10 +24,14 @@ jobs:
       - name: cd/build-docker
         run: make build-image
 
+      - name: ci/docker-login
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
       - name: ci/push-docker
         run: |
-          set -eu
-          echo $DOCKERHUB_TOKEN | docker login --username $DOCKERHUB_USERNAME --password-stdin
           docker tag mattermost/mattermost-operator:test mattermost/mattermost-operator:$TAG
           docker push mattermost/mattermost-operator:$TAG
         env:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fa38fcae..de24fedf 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -84,6 +84,8 @@ jobs:
 
   build:
     if: ${{ github.event_name == 'pull_request' || github.ref_name  == 'master' }}
+    permissions:
+      security-events: write
     runs-on: ubuntu-latest
     needs: [lint, test]
     steps: