fix: update permissions to allow write access for contents #13
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI schema teardown on PR close | |
| env: | |
| FAST_WIF_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| CICD_SERVICE_ACCOUNT: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} | |
| DBT_SERVICE_ACCOUNT: ${{ secrets.DBT_SERVICE_ACCOUNT_EMAIL }} | |
| TARGET: pr | |
| on: | |
| pull_request: | |
| types: | |
| - closed | |
| workflow_dispatch: | |
| permissions: | |
| contents: "read" | |
| id-token: "write" | |
| jobs: | |
| CI_TEARDOWN_job: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v4 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| - name: Set up Python | |
| run: uv python install | |
| - name: Install dependencies | |
| run: uv sync --dev | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ env.FAST_WIF_PROVIDER }} | |
| service_account: ${{ env.CICD_SERVICE_ACCOUNT }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Get PR NUM | |
| id: schema_id | |
| run: echo "PR_NUM=${{ github.event.number }}" >> $GITHUB_ENV | |
| - name: dbt deps | |
| run: uv run dbt deps | |
| - name: drop PR schemas | |
| run: uv run dbt run-operation drop_pr_staging_schemas --target ${{ env.TARGET }} --args "{'PR_number':'${{ env.PR_NUM }}'}" --vars "{'schema_id':''}" |