From d4b13d9c38004210c27af1d6b8f9ac12f53d2d3d Mon Sep 17 00:00:00 2001
From: Emily Mabrey <emabrey@tenacityaudio.org>
Date: Mon, 13 Sep 2021 12:22:04 -0400
Subject: [PATCH] Fix Nuget cache in CI builds

Package writing was not working correctly due to permissions misconfiguration
Change NuGet cache writing scenarios
Always write to NuGet cache when building within a tenacityteam repository

Signed-off-by: Emily Mabrey <emabrey@tenacityaudio.org>
---
 .github/workflows/cmake_build.yml | 32 ++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/cmake_build.yml b/.github/workflows/cmake_build.yml
index fbea93b4d..660d381d8 100644
--- a/.github/workflows/cmake_build.yml
+++ b/.github/workflows/cmake_build.yml
@@ -11,6 +11,20 @@ defaults:
   run:
     shell: bash
 
+# See https://docs.github.com/en/rest/reference/permissions-required-for-github-apps
+# for information on what these individual permissions represent/control
+permissions:
+  actions: none
+  checks:  none
+  contents: read
+  deployments: none
+  issues: none
+  packages: read
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: read
+
 jobs:
 
   skip_test:
@@ -18,16 +32,6 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       actions: write
-      checks: read
-      contents: read
-      deployments: read
-      issues: read
-      discussions: read
-      packages: read
-      pull-requests: read
-      repository-projects: read
-      security-events: read
-      statuses: read
     outputs:
       should_skip: ${{ steps.skip_check.outputs.should_skip }}
     steps:
@@ -46,6 +50,8 @@ jobs:
     if: ${{ needs.skip_test.outputs.should_skip != 'true' }}
     name: ${{ matrix.config.name }}
     runs-on: ${{ matrix.config.os }}
+    permissions:
+      packages: write
     strategy:
       fail-fast: false
       matrix:
@@ -198,11 +204,7 @@ jobs:
         rm ./nuget.config
         nuget sources add -Name tenacityteam_github_auto -Source https://nuget.pkg.github.com/tenacityteam/index.json -Username tenacityteam -Password ${{ secrets.GITHUB_TOKEN }} -StorePasswordInClearText -ForceEnglishOutput -NonInteractive
         nuget setapikey ${{ secrets.GITHUB_TOKEN }} -Source tenacityteam_github_auto -ForceEnglishOutput -NonInteractive
-        if [[ ${{ github.event_name }} == 'push' ]]; then
-          echo "VCPKG_BINARY_SOURCES=clear;nuget,tenacityteam_github_auto,readwrite;" >> ${GITHUB_ENV}
-        else
-          echo "VCPKG_BINARY_SOURCES=clear;nuget,tenacityteam_github_auto,read;" >> ${GITHUB_ENV}
-        fi
+        echo "VCPKG_BINARY_SOURCES=clear;nuget,tenacityteam_github_auto,readwrite;" >> ${GITHUB_ENV}
 
     - name: "[Linux] Install dependencies"
       if: runner.os == 'Linux'