From f96b3b00e34d19bcf42c85d08fa0200d74f62166 Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Tue, 19 Nov 2024 14:36:22 +0100
Subject: [PATCH] ci: fix permissions for GITHUB_TOKEN on dependabot workflows
 (#22547)

---
 .github/workflows/dependabot-update-all.yml | 3 +--
 .github/workflows/test.yml                  | 3 ++-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/dependabot-update-all.yml b/.github/workflows/dependabot-update-all.yml
index fa649a7f63..d2f30d351b 100644
--- a/.github/workflows/dependabot-update-all.yml
+++ b/.github/workflows/dependabot-update-all.yml
@@ -2,6 +2,7 @@ name: Dependabot Update All Go Modules
 on: pull_request
 
 permissions:
+  contents: write
   pull-requests: write
 
 env:
@@ -16,8 +17,6 @@ jobs:
         with:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           ref: ${{ github.event.pull_request.head.ref }}
-          # Secret to be added in the repo under Settings > Secrets > Dependabot
-          token: ${{ secrets.PRBOT_PAT }}
       - uses: actions/setup-go@v5
         with:
           go-version: "1.23"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 79b91c6b5d..4990e889c3 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -7,7 +7,8 @@ on:
       - main
 
 permissions:
-  contents: read
+  contents: write
+  pull-requests: write
 
 concurrency:
   group: ci-${{ github.ref }}-tests