From 61dd563174a79b9d6f6edd6c2fd7e0bc9a56b810 Mon Sep 17 00:00:00 2001
From: devkokov <dm.kokov@gmail.com>
Date: Thu, 27 Feb 2025 18:08:47 +0000
Subject: [PATCH] ARN-2494 Fixes for test & deployment pipelines

---
 .github/workflows/deploy_to_env.yml | 1 +
 .github/workflows/e2e_test.yml      | 1 +
 .github/workflows/pipeline_main.yml | 1 +
 .github/workflows/pipeline_pr.yml   | 6 ++++++
 4 files changed, 9 insertions(+)

diff --git a/.github/workflows/deploy_to_env.yml b/.github/workflows/deploy_to_env.yml
index 45aeb96f..1fef45b6 100644
--- a/.github/workflows/deploy_to_env.yml
+++ b/.github/workflows/deploy_to_env.yml
@@ -20,6 +20,7 @@ on:
 jobs:
   deploy_to_env:
     uses: ministryofjustice/hmpps-assess-risks-and-needs-github-actions/.github/workflows/deploy_to_env.yml@v1
+    secrets: inherit
     with:
       environment: ${{ inputs.environment }}
       image_tag: ${{ inputs.image_tag }}
diff --git a/.github/workflows/e2e_test.yml b/.github/workflows/e2e_test.yml
index c23e424d..6ffe89e3 100644
--- a/.github/workflows/e2e_test.yml
+++ b/.github/workflows/e2e_test.yml
@@ -106,6 +106,7 @@ jobs:
   save-timings:
     uses: ministryofjustice/hmpps-assess-risks-and-needs-github-actions/.github/workflows/cypress_save_timings.yml@v1
     if: success() || failure()
+    secrets: inherit
     needs:
       - get-timings
       - e2e-test
diff --git a/.github/workflows/pipeline_main.yml b/.github/workflows/pipeline_main.yml
index 39a17c17..dbf8105b 100644
--- a/.github/workflows/pipeline_main.yml
+++ b/.github/workflows/pipeline_main.yml
@@ -59,6 +59,7 @@ jobs:
   e2e_test:
     needs: build_docker
     uses: ./.github/workflows/e2e_test.yml
+    secrets: inherit
     with:
       app_version: ${{ needs.build_docker.outputs.app_version }}
 
diff --git a/.github/workflows/pipeline_pr.yml b/.github/workflows/pipeline_pr.yml
index 88669a16..01d0f248 100644
--- a/.github/workflows/pipeline_pr.yml
+++ b/.github/workflows/pipeline_pr.yml
@@ -7,6 +7,11 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+  packages: write
+  actions: write
+
 jobs:
   node_build:
     name: Build
@@ -51,5 +56,6 @@ jobs:
   e2e_test:
     needs: build_docker
     uses: ./.github/workflows/e2e_test.yml
+    secrets: inherit
     with:
       app_version: ${{ needs.build_docker.outputs.app_version }}