From 6411cc63ca0af7a21386214eb9a8e31e8e219f44 Mon Sep 17 00:00:00 2001
From: aj-bw <81774843+aj-bw@users.noreply.github.com>
Date: Tue, 3 Jun 2025 12:40:46 -0400
Subject: [PATCH] 
 BRE-875/server-builds-intermittently-failing-after-introducing-build-cache
 (#5909)

* increase logging

* remove caching for troubleshooting

* test max parallel of 3

* up parallel

* test removing cache again

* add permissions read

* edit permissions
---
 .github/workflows/build.yml | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e6ab8d44d6..c6b0ecd9d0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -11,6 +11,9 @@ on:
     types: [opened, synchronize]
   workflow_call:
     inputs: {}
+  
+permissions:
+  contents: read
 
 env:
   _AZ_REGISTRY: "bitwardenprod.azurecr.io"
@@ -237,18 +240,10 @@ jobs:
           fi
           echo "tags=$TAGS" >> $GITHUB_OUTPUT
 
-      - name: Generate image full name
-        id: cache-name
-        env:
-          PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
-        run: echo "name=${_AZ_REGISTRY}/${PROJECT_NAME}:buildcache" >> $GITHUB_OUTPUT
-
       - name: Build Docker image
         id: build-artifacts
         uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
         with:
-          cache-from: type=registry,ref=${{ steps.cache-name.outputs.name }}
-          cache-to: type=registry,ref=${{ steps.cache-name.outputs.name}},mode=max
           context: .
           file: ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile
           platforms: |
@@ -605,6 +600,7 @@ jobs:
       project: server
       pull_request_number: ${{ github.event.number }}
     secrets: inherit
+    permissions: read-all
 
   check-failures:
     name: Check for failures