build: give HuaweiCloud repo workflow write permissions

[ndr-brt]

What this PR changes/adds

give HuaweiCloud repo workflow write permissions

Why it does that

it needs those

Further notes

List other areas of code that have changed but are not necessarily linked to the main feature. This could be method
signature changes, package declarations, bugs that were encountered and were fixed inline, etc.

Linked Issue(s)

Closes eclipse-edc/Technology-HuaweiCloud#66

Please be sure to take a look at the contributing guidelines and our etiquette for pull requests.

[eclipse-otterdog]

This is your friendly self-service bot.

Thank you for raising a pull request to update the configuration of your GitHub organization.
You can manually add reviewers to this PR to eventually enable auto-merging.

The following conditions need to fulfilled for auto-merging to be available:

• valid configuration
• approved by a project lead
• does not require any secrets
• does not update settings only accessible via the GitHub Web UI
• does not remove any resource

Otterdog commands and options

You can trigger otterdog actions by commenting on this PR:

• /otterdog team-info checks the team / org membership for the PR author
• /otterdog validate validates the configuration change
• /otterdog validate info validates the configuration change, printing also validation infos
• /otterdog check-sync checks if the base ref is in sync with live settings
• /otterdog merge merges and applies the changes if the PR is eligible for auto-merging (only accessible for the author)
• /otterdog done notifies the self-service bot that a required manual apply operation has been performed (only accessible for members of the admin team)
• /otterdog apply re-apply a previously failed attempt (only accessible for members of the admin team)

[eclipse-otterdog]

This is your friendly self-service bot.

The author (ndr-brt) of this PR is associated with this organization in the role of MEMBER.

Additionally, ndr-brt is a member of the following teams:

• technology-edc-contributors

• technology-edc-committers

• technology-edc-security

[eclipse-otterdog]

This is your friendly self-service bot.
Please find below the validation of the requested configuration changes:

Diff for 7244f9b

Organization technology.edc[id=eclipse-edc]
╷
│ Warning: repository[name="FederatedCatalog"] has 'gh_pages_build_type' with value 'legacy' but no corresponding 'github-pages' environment, please add such an environment.
╵
╷
│ Warning: repository[name="IdentityHub"] has 'gh_pages_build_type' with value 'legacy' but no corresponding 'github-pages' environment, please add such an environment.
╵
  there have been 20 validation infos, enable verbose output with '-v' to to display them.

  
!   repo_workflow_settings[repository="Technology-HuaweiCloud"] {
!     default_workflow_permissions      = "read" -> "write"
!   }
  
  Plan: 0 to add, 1 to change, 0 to delete.

[eclipse-otterdog]

This is your friendly self-service bot. The current configuration is in-sync with the live settings. 🚀

[netomi]

actually the OP of eclipse-edc/Technology-HuaweiCloud#68 is correct. You have to grant the called workflow the required permissions.

Your organization grants by default read only permissions to all workflows and I would strongly advise to keep it that way. It usually much less work to add the required permissions on a workflow basis instead of just granting write by default and then fix them all together at a later time when we are asking all our project to use read by default as this is the best practice.

As you already use read by now, it does not really make sense to go back to write.

[ndr-brt]

actually the OP of eclipse-edc/Technology-HuaweiCloud#68 is correct. You have to grant the called workflow the required permissions.

Your organization grants by default read only permissions to all workflows and I would strongly advise to keep it that way. It usually much less work to add the required permissions on a workflow basis instead of just granting write by default and then fix them all together at a later time when we are asking all our project to use read by default as this is the best practice.

As you already use read by now, it does not really make sense to go back to write.

all the other repos have "write", if that's not a best practice we should change them back to "read", and have to update all of the specific workflow, right?

[netomi]

yes indeed, in the long term we would like that all projects / repositories use read by default, however I understand that there is effort involved, so we also work on tools to help you doing that. Having said that, whenever there is a chance to already use read, do it as it will save you work in the long run imho.

[ndr-brt]

Got it, thanks for your explaination
in any case that write permission was not really needed 😅 .