issue(73261): potential fix

bogdandina · bogdandina · commit c2541e8326a9 · 2026-01-19T18:49:08.000+02:00
diff --git a/.github/workflows/ci-cd-java.yml b/.github/workflows/ci-cd-java.yml
@@ -1,4 +1,9 @@
 name: ci-cd-java.yml
+
+permissions:
+  contents: read
+  packages: read
+
 on:
   workflow_call:
     secrets:
@@ -93,13 +98,15 @@ jobs:
           echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV"
 
       - name: Build & run tests inside Docker
-        if: inputs.runTestsInsideDocker == true
+        if: ${{ inputs.runTestsInsideDocker }}
         uses: docker/build-push-action@v6
         with:
           context: ${{ inputs.workingDirectory }}
           load: true
           target: "${{ env.TEST_STAGE }}"
           tags: "${{ env.IMAGE_NAME }}:${{ env.TEST_STAGE }}"
+          secrets:
+            github_token=${{ secrets.GITHUB_TOKEN }}
 
       - name: Build Docker Image
         uses: docker/build-push-action@v6
@@ -108,7 +115,7 @@ jobs:
           push: 'false'
           tags: 'hsldevcom/${{ env.IMAGE_NAME }}:${{ github.sha }}'
           secrets: |
-            "github_token=${{ secrets.GITHUB_TOKEN }}"
+            github_token=${{ secrets.GITHUB_TOKEN }}
 
       - name: Check if perform release
         id: perform_release
@@ -123,7 +130,7 @@ jobs:
             echo "Perform release condition: PERFORM_RELEASE"
 
       - name: Extract Docker metadata
-        if: env.PERFORM_RELEASE == true
+        if: ${{ env.PERFORM_RELEASE == 'true' }}
         id: meta
         uses: docker/metadata-action@v5
         with:
@@ -137,18 +144,18 @@ jobs:
             org.opencontainers.image.vendor=hsldevcom
 
       - name: Setup Docker Buildx
-        if: env.PERFORM_RELEASE == true
+        if: ${{ env.PERFORM_RELEASE == 'true' }}
         uses: docker/setup-buildx-action@v3
 
       - name: Login to Github Container Registry
-        if: env.PERFORM_RELEASE == 'true'
+        if: ${{ env.PERFORM_RELEASE == 'true' }}
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Build & Push Docker image
-        if: env.PERFORM_RELEASE == true
+        if: ${{ env.PERFORM_RELEASE == 'true' }}
         uses: docker/build-push-action@v6
         with:
           context: ${{ inputs.workingDirectory }}
