From b6f89f6dd096ed2ca60d65570b5c9cb504fd20d8 Mon Sep 17 00:00:00 2001
From: Sam <109683132+kernelsam@users.noreply.github.com>
Date: Fri, 12 Apr 2024 12:44:35 -0700
Subject: [PATCH] #17 shared add to project workflow, senzing-factory/build-resources#15 update workflow permissions
---
 .../workflows/add-labels-standardized.yaml | 5 +++--
 .github/workflows/add-to-project-garage.yaml | 19 ++++++++++---------
 .../workflows/dependabot-approve-and-merge.yaml | 7 ++++---
 .github/workflows/lint-workflows.yaml | 1 +
 .../workflows/move-pr-to-done-dependabot.yaml | 3 +++
 .github/workflows/pylint.yaml | 3 +++
 6 files changed, 24 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml
index 1360a67..50687a5 100644
--- a/.github/workflows/add-labels-standardized.yaml
+++ b/.github/workflows/add-labels-standardized.yaml
@@ -6,10 +6,11 @@ on:
 - opened
 - reopened
+permissions:
+ issues: write
+
 jobs:
 add-issue-labels:
- permissions:
- issues: write
 secrets:
 ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }}
 SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }}
diff --git a/.github/workflows/add-to-project-garage.yaml b/.github/workflows/add-to-project-garage.yaml
index 7568671..1abad01 100644
--- a/.github/workflows/add-to-project-garage.yaml
+++ b/.github/workflows/add-to-project-garage.yaml
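Review bot: In add-labels-standardized.yaml the `issues: write` grant now sits at workflow level, so any job later added to this file inherits it rather than only `add-issue-labels`; dependabot-approve-and-merge.yaml makes the same move for `contents: write` and `pull-requests: write`. With a single job the effective token is unchanged today, but the job-level form kept each write scope tied to the job that needs it. If the aim is an explicit top-level block, `permissions: {}` at the top with the existing job-level `permissions:` left in place would give both. The job's `uses:` line is outside the hunk, so what the called workflow requires cannot be confirmed here.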
@@ -6,14 +6,15 @@ on:
 - opened
 - reopened
+permissions:
+ repository-projects: write
+
 jobs:
 add-to-project:
- name: add issue to project
- runs-on: ubuntu-latest
-
- steps:
- - name: assign issue to project
- uses: actions/add-to-project@v1.0.1
- with:
- github-token: ${{ secrets.SENZING_GITHUB_ACCESS_TOKEN }}
- project-url: https://github.com/orgs/${{ github.repository_owner }}/projects/${{ vars.SENZING_PROJECT_GARAGE }}
+ secrets:
+ SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
+ uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v1
+ with:
+ classic: false
+ project-number: ${{ vars.SENZING_PROJECT_GARAGE }}
+ org: ${{ vars.SENZING_GITHUB_ACCOUNT_NAME }}
diff --git a/.github/workflows/dependabot-approve-and-merge.yaml b/.github/workflows/dependabot-approve-and-merge.yaml
index 15a5bf9..f86f170 100644
--- a/.github/workflows/dependabot-approve-and-merge.yaml
+++ b/.github/workflows/dependabot-approve-and-merge.yaml
@@ -4,11 +4,12 @@ on:
 pull_request:
 branches: [main]
+permissions:
+ contents: write
+ pull-requests: write
+
 jobs:
 dependabot-approve-and-merge:
- permissions:
- contents: write
- pull-requests: write
 secrets:
 SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }}
 uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v1
diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml
index 75a6d78..1bcd936 100644
--- a/.github/workflows/lint-workflows.yaml
+++ b/.github/workflows/lint-workflows.yaml
@@ -9,6 +9,7 @@ on:
 permissions:
 contents: read
 packages: read
+ pull-requests: read
 statuses: write
 jobs:
diff --git a/.github/workflows/move-pr-to-done-dependabot.yaml b/.github/workflows/move-pr-to-done-dependabot.yaml
index f6c365b..4a5db44 100644
--- a/.github/workflows/move-pr-to-done-dependabot.yaml
+++ b/.github/workflows/move-pr-to-done-dependabot.yaml
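Review bot: The new `uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v1` line in add-to-project-garage.yaml follows a movable tag while being handed `SENZING_GITHUB_PROJECT_RW_TOKEN`, so whatever `v1` points to at run time executes with that token. Pinning the reference to a full commit SHA keeps the reviewed revision fixed, e.g. `uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@<full-commit-sha> # v1`. The removed step used `actions/add-to-project@v1.0.1`, which is also a tag, so this is not a regression. The reusable workflow now sits between the secret and the action, though, and its contents are not visible in this patch.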
@@ -5,6 +5,9 @@ on:
 branches: [main]
 types: [closed]
+permissions:
+ repository-projects: write
+
 jobs:
 move-pr-to-done-dependabot:
 secrets:
diff --git a/.github/workflows/pylint.yaml b/.github/workflows/pylint.yaml
index 35eecb0..f363d87 100644
--- a/.github/workflows/pylint.yaml
+++ b/.github/workflows/pylint.yaml
@@ -2,6 +2,9 @@ name: pylint
 on: [push]
+permissions:
+ contents: read
+
 jobs:
 pylint:
 runs-on: ubuntu-latest
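Review bot: The added `repository-projects: write` in move-pr-to-done-dependabot.yaml (and in add-to-project-garage.yaml) widens the GITHUB_TOKEN, yet add-to-project-garage.yaml passes a separate `SENZING_GITHUB_PROJECT_RW_TOKEN` with `classic: false`, which suggests the project update is done with that token rather than with GITHUB_TOKEN. As far as I know this scope covers classic repository projects only, so it may grant write access that nothing uses. If it is there because the called workflow declares it and the caller has to match, a comment such as `# required by the called workflow's job permissions` above the block would record why. The job's `secrets:` and `uses:` lines continue outside the hunk, so this should be confirmed against the reusable workflow.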