From af2b56a46bfea068a0815f050f9c0499aa31c3d9 Mon Sep 17 00:00:00 2001
From: Paul Fouquet <pfouquet@linz.govt.nz>
Date: Thu, 18 Apr 2024 10:05:05 +1200
Subject: [PATCH] ci: move permissions to prod only and always run lint
 workflows

---
 .github/workflows/main.yml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 3e18bc105..f4e259a6b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,9 +1,4 @@
 on: [push]
-env:
-  CLUSTER_NAME: Workflows
-permissions:
-  id-token: write
-  contents: read
 
 jobs:
   main:
@@ -26,7 +21,6 @@ jobs:
           ./argo-linux-amd64 version
 
       - name: Lint workflows
-        if: github.ref != 'refs/heads/master'
         run: |
           ./argo-linux-amd64 lint --offline templates/ workflows/
 
@@ -39,6 +33,13 @@ jobs:
     environment:
       name: prod
 
+    permissions:
+      id-token: write
+      contents: read
+
+    env:
+      CLUSTER_NAME: Workflows
+
     steps:
       - uses: linz/action-typescript@9bf69b0f313b3525d3ba3116f26b1aff7eb7a6c0 # v3.1.0