FIX: Permissions issues fixed in docker-cached-build.yml (#21)

FIX: Permissions issues fixes as reported by dashboard in `docker-cached-build.yml` and `dependency-review.yml`

- Scope the write permissions per job instead of globally. That includes permissions for security-events and packages write have been moved for each job independently.
- Remove unused permissions.

FIX: GitHub workflow issues in `build-baremetal-ubuntu.yml`:

- Working directory in 2 tasks was set incorrectly.
- Add missing `"` and `;`

---------

Signed-off-by: Miłosz Linkiewicz <milosz.linkiewicz@intel.com>

Author: Mionsz

.github/workflows/build-baremetal-ubuntu.yml

@@ -88,7 +88,7 @@ jobs:
           -DCMAKE_CXX_FLAGS="-I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp"
 
     - name: 'Configure ffmpeg repository'
-      working-directory: "${BUILD_DIR}/ffmpeg"
+      working-directory: "ffmpeg"
       continue-on-error: true
       run: |
         ./configure \
@@ -106,10 +106,10 @@ jobs:
           --extra-ldflags="-fopenmp -L/opt/intel/oneapi/ipp/latest/lib -L${PREFIX}/lib" \
           --enable-cross-compile \
           --prefix="${PREFIX}" || \
-        { tail -n 100 "${BUILD_DIR}/ffmpeg/ffbuild/config.log && exit 1 }
+        { tail -n 100 "${BUILD_DIR}/ffmpeg/ffbuild/config.log" && exit 1; }
 
     - name: 'Build, install and check ffmpeg'
-      working-directory: "${BUILD_DIR}/ffmpeg"
+      working-directory: "ffmpeg"
       continue-on-error: true
       run: |
         make clean

.github/workflows/dependency-review.yml

@@ -33,9 +33,6 @@ jobs:
     runs-on: 'ubuntu-22.04'
     permissions:
       contents: read
-      packages: read
-      actions: read
-      security-events: write
     timeout-minutes: 90
     env:
       SUPER_LINTER_OUTPUT_DIRECTORY_NAME: super-linter-output

.github/workflows/docker-cached-build.yml

@@ -7,11 +7,6 @@ on:
     branches: [ "main", "dev" ]
   workflow_dispatch:
 
-permissions:
-  contents: read
-  security-events: write
-  packages: write
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
   cancel-in-progress: true
@@ -20,41 +15,65 @@ jobs:
   flex-ubuntu-2204-build:
     name: "Build Flex Ubuntu 22.04 Docker Image"
     uses: ./.github/workflows/template-docker-cached-build.yml
+    permissions:
+      security-events: write
+      packages: write
+      contents: read
     with:
       docker_file_path:  "docker/Flex/Dockerfile.ubuntu22.04"
       docker_image_name: "raisr-flex-ubuntu-22.04"
 
   xeon-ubuntu-1804-build:
     name: "Build Xeon Ubuntu 18.04 Docker Image"
     uses: ./.github/workflows/template-docker-cached-build.yml
+    permissions:
+      security-events: write
+      packages: write
+      contents: read
     with:
       docker_file_path:  "docker/Xeon/Dockerfile.ubuntu18.04"
       docker_image_name: "raisr-xeon-ubuntu-18.04"
 
   xeon-ubuntu-2004-build:
     name: "Build Xeon Ubuntu 20.04 Docker Image"
     uses: ./.github/workflows/template-docker-cached-build.yml
+    permissions:
+      security-events: write
+      packages: write
+      contents: read
     with:
       docker_file_path:  "docker/Xeon/Dockerfile.ubuntu20.04"
       docker_image_name: "raisr-xeon-ubuntu-20.04"
 
   xeon-ubuntu-2204-build:
     name: "Build Xeon Ubuntu 22.04 Docker Image"
     uses: ./.github/workflows/template-docker-cached-build.yml
+    permissions:
+      security-events: write
+      packages: write
+      contents: read
     with:
       docker_file_path:  "docker/Xeon/Dockerfile.ubuntu22.04"
       docker_image_name: "raisr-xeon-ubuntu-22.04"
 
   xeon-centos-stream9-build:
     name: "Build Xeon Centos Stream9 Docker Image"
     uses: ./.github/workflows/template-docker-cached-build.yml
+    permissions:
+      security-events: write
+      packages: write
+      contents: read
     with:
       docker_file_path:  "docker/Xeon/Dockerfile.centos9"
       docker_image_name: "raisr-xeon-centos-9"
 
   xeon-rockylinux-9-mini-build:
     name: "Build Xeon Rockylinux 9-mini Docker Image"
     uses: ./.github/workflows/template-docker-cached-build.yml
+    permissions:
+      security-events: write
+      packages: write
+      contents: read
     with:
       docker_file_path:  "docker/Xeon/Dockerfile.rockylinux9-mini"
       docker_image_name: "raisr-xeon-rockylinux-9-mini"