From 98edf462b2ca4eb37f285e1b9e2007e1a430154a Mon Sep 17 00:00:00 2001
From: vipin-dfe <vipin.chadha@education.gov.uk>
Date: Tue, 10 Dec 2024 11:58:59 +0000
Subject: [PATCH] Fix CI build persmissions

Remove permission from individual jobs in a workflow. Setting
permissions on individual jobs overrides the permissions set on the
workflow level.
---
 .github/workflows/build.yml | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c1281f755f..ffaaca22f3 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,6 +10,7 @@ on:
 permissions:
   contents: write
   deployments: write
+  id-token: write
   issues: write
   packages: write
   pull-requests: write
@@ -436,9 +437,6 @@ jobs:
     runs-on: ubuntu-latest
     continue-on-error: true
     concurrency: Review_${{github.event.number}}
-    permissions:
-      id-token: write
-      pull-requests: write
     environment:
        name: review
     steps:
@@ -498,8 +496,6 @@ jobs:
     if: github.ref == 'refs/heads/master'
     concurrency: Development
     runs-on: ubuntu-latest
-    permissions:
-      id-token: write
     environment:
       name: development
     outputs:
@@ -618,8 +614,6 @@ jobs:
     if: github.ref == 'refs/heads/master'
     concurrency: test
     runs-on: ubuntu-latest
-    permissions:
-      id-token: write
     environment:
        name: test
     steps:
@@ -666,8 +660,6 @@ jobs:
     needs: [ build_base, test ]
     environment:
        name: test
-    permissions:
-      id-token: write
     services:
       postgres:
         image: postgres:13.10
@@ -738,8 +730,6 @@ jobs:
     runs-on: ubuntu-latest
     needs: [ integration, development ]
     concurrency: production
-    permissions:
-      id-token: write
     environment:
        name: production
     steps: