CCM-12614: add github package manager authentication

Author: Ian-Hodges

.github/workflows/stage-2-test.yaml

@@ -40,16 +40,14 @@ env:
   AWS_REGION: eu-west-2
   TERM: xterm-256color
 
-permissions:
-  id-token: write # This is required for requesting the JWT
-  contents: read  # This is required for actions/checkout
-  packages: read # This is required for downloading from GitHub Package Registry
-
 jobs:
   check-generated-dependencies:
     name: "Check generated dependencies"
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    permissions:
+      contents: read
+      packages: read
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
@@ -68,6 +66,9 @@ jobs:
     name: "Unit tests"
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    permissions:
+      contents: read
+      packages: read
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
@@ -102,6 +103,9 @@ jobs:
     name: "Linting"
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    permissions:
+      contents: read
+      packages: read
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
@@ -116,6 +120,9 @@ jobs:
     name: "Typecheck"
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    permissions:
+      contents: read
+      packages: read
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
@@ -133,6 +140,8 @@ jobs:
     needs: [test-unit]
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    permissions:
+      contents: read
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5

scripts/set-github-token.sh

@@ -4,7 +4,7 @@ set -euo pipefail
 
 npm config ls -l | grep '/npm.pkg.github.com/:_authToken' -q && echo "Github token already exists" && exit 0
 
-if [ -z "${GITHUB_TOKEN:-}" ]; then
+if [[ -z "${GITHUB_TOKEN:-}" ]]; then
     read -p "Enter GitHub token: " GITHUB_TOKEN
     export GITHUB_TOKEN
 fi