From 39348a66d267e32bcad6c24f2829807e68143441 Mon Sep 17 00:00:00 2001
From: Ian <52504170+ibacher@users.noreply.github.com>
Date: Mon, 8 Apr 2024 11:07:45 -0400
Subject: [PATCH] Set permissions for build.yaml to read-only

---
 .github/workflows/build.yaml | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 883d0f20309c..29bf44bd4039 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -10,7 +10,6 @@ on:
       - 2.5.x
       - 2.6.x
   pull_request:
-    types:
     branches:
       - master
       - 2.4.x
@@ -18,6 +17,8 @@ on:
       - 2.6.x
   workflow_dispatch:
 
+permissions: read-all
+
 jobs:
   build:
     strategy:
@@ -51,14 +52,6 @@ jobs:
         run: |
           echo "::set-output name=branch_name::${BRANCH_NAME_OR_REF#refs/heads/}"
           echo "::set-output name=pr_number::$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")"
-      - name: Send data to Sonar
-        # only send sonar data for Java 11
-        if: ${{ matrix.java-version == '11' }}
-        continue-on-error: true
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=openmrs_openmrs-core --batch-mode --file pom.xml -P sonar-cloud
       - name: Update coverage data
         # only send coverage data for Java 8
         if: ${{ matrix.java-version == '8' && steps.refs.outcome == 'success' }}