Merge branch 'master' into master

.github/workflows/npe-x500-m3.yml

@@ -9,10 +9,10 @@ on:
       - master
       # ESR branches glob pattern
       - 20[0-9][0-9].[0-1]?[1470].x
-  # pull_request_target:
-  #   branches:
-  #     - main
-  #     - master
+  pull_request_target:
+    branches:
+      - main
+      - master
   push:
     tags:
       # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
@@ -31,10 +31,17 @@ on:
         type: string
         default: balena-staging.com
 
+permissions:
+  id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+  actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+  pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+  packages: read
+  contents: read
+
 jobs:
   yocto:
     name: Yocto
-    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8
+    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
     # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
     # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
     # This condition will prevent the workflow from running twice for the same pull request while

.github/workflows/raspberrypi.yml

@@ -9,10 +9,10 @@ on:
       - master
       # ESR branches glob pattern
       - 20[0-9][0-9].[0-1]?[1470].x
-  # pull_request_target:
-  #   branches:
-  #     - main
-  #     - master
+  pull_request_target:
+    branches:
+      - main
+      - master
   push:
     tags:
       # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
@@ -31,11 +31,17 @@ on:
         type: string
         default: balena-staging.com
 
+permissions:
+  id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+  actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+  pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+  packages: read
+  contents: read
 
 jobs:
   yocto:
     name: Yocto
-    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8
+    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
     # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
     # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
     # This condition will prevent the workflow from running twice for the same pull request while

.github/workflows/raspberrypi0-2w-64.yml

@@ -9,10 +9,10 @@ on:
       - master
       # ESR branches glob pattern
       - 20[0-9][0-9].[0-1]?[1470].x
-  # pull_request_target:
-  #   branches:
-  #     - main
-  #     - master
+  pull_request_target:
+    branches:
+      - main
+      - master
   push:
     tags:
       # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
@@ -31,11 +31,17 @@ on:
         type: string
         default: balena-staging.com
 
+permissions:
+  id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+  actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+  pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+  packages: read
+  contents: read
 
 jobs:
   yocto:
     name: Yocto
-    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8
+    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
     # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
     # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
     # This condition will prevent the workflow from running twice for the same pull request while

.github/workflows/raspberrypi2.yml

@@ -9,10 +9,10 @@ on:
       - master
       # ESR branches glob pattern
       - 20[0-9][0-9].[0-1]?[1470].x
-  # pull_request_target:
-  #   branches:
-  #     - main
-  #     - master
+  pull_request_target:
+    branches:
+      - main
+      - master
   push:
     tags:
       # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
@@ -31,11 +31,17 @@ on:
         type: string
         default: balena-staging.com
 
+permissions:
+  id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+  actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+  pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+  packages: read
+  contents: read
 
 jobs:
   yocto:
     name: Yocto
-    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8
+    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
     # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
     # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
     # This condition will prevent the workflow from running twice for the same pull request while

.github/workflows/raspberrypi3-64.yml

@@ -9,10 +9,10 @@ on:
       - master
       # ESR branches glob pattern
       - 20[0-9][0-9].[0-1]?[1470].x
-  # pull_request_target:
-  #   branches:
-  #     - main
-  #     - master
+  pull_request_target:
+    branches:
+      - main
+      - master
   push:
     tags:
       # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
@@ -31,11 +31,17 @@ on:
         type: string
         default: balena-staging.com
 
+permissions:
+  id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+  actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+  pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+  packages: read
+  contents: read
 
 jobs:
   yocto:
     name: Yocto
-    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8
+    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
     # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
     # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
     # This condition will prevent the workflow from running twice for the same pull request while

.github/workflows/raspberrypi3-unipi-neuron.yml

@@ -9,10 +9,10 @@ on:
       - master
       # ESR branches glob pattern
       - 20[0-9][0-9].[0-1]?[1470].x
-  # pull_request_target:
-  #   branches:
-  #     - main
-  #     - master
+  pull_request_target:
+    branches:
+      - main
+      - master
   push:
     tags:
       # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
@@ -31,11 +31,17 @@ on:
         type: string
         default: balena-staging.com
 
+permissions:
+  id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+  actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+  pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+  packages: read
+  contents: read
 
 jobs:
   yocto:
     name: Yocto
-    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8
+    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
     # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
     # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
     # This condition will prevent the workflow from running twice for the same pull request while

.github/workflows/raspberrypi3.yml

@@ -9,10 +9,10 @@ on:
       - master
       # ESR branches glob pattern
       - 20[0-9][0-9].[0-1]?[1470].x
-  # pull_request_target:
-  #   branches:
-  #     - main
-  #     - master
+  pull_request_target:
+    branches:
+      - main
+      - master
   push:
     tags:
       # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
@@ -31,11 +31,17 @@ on:
         type: string
         default: balena-staging.com
 
+permissions:
+  id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+  actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+  pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+  packages: read
+  contents: read
 
 jobs:
   yocto:
     name: Yocto
-    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8
+    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
     # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
     # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
     # This condition will prevent the workflow from running twice for the same pull request while

.github/workflows/raspberrypi4-64.yml

@@ -9,10 +9,10 @@ on:
       - master
       # ESR branches glob pattern
       - 20[0-9][0-9].[0-1]?[1470].x
-  # pull_request_target:
-  #   branches:
-  #     - main
-  #     - master
+  pull_request_target:
+    branches:
+      - main
+      - master
   push:
     tags:
       # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
@@ -31,11 +31,17 @@ on:
         type: string
         default: balena-staging.com
 
+permissions:
+  id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+  actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+  pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+  packages: read
+  contents: read
 
 jobs:
   yocto:
     name: Yocto
-    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8
+    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
     # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
     # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
     # This condition will prevent the workflow from running twice for the same pull request while

.github/workflows/raspberrypi4-superhub.yml

@@ -9,10 +9,10 @@ on:
       - master
       # ESR branches glob pattern
       - 20[0-9][0-9].[0-1]?[1470].x
-  # pull_request_target:
-  #   branches:
-  #     - main
-  #     - master
+  pull_request_target:
+    branches:
+      - main
+      - master
   push:
     tags:
       # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
@@ -31,11 +31,17 @@ on:
         type: string
         default: balena-staging.com
 
+permissions:
+  id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+  actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+  pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+  packages: read
+  contents: read
 
 jobs:
   yocto:
     name: Yocto
-    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8
+    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
     # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
     # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
     # This condition will prevent the workflow from running twice for the same pull request while

.github/workflows/raspberrypi4-unipi-neuron.yml

@@ -9,10 +9,10 @@ on:
       - master
       # ESR branches glob pattern
       - 20[0-9][0-9].[0-1]?[1470].x
-  # pull_request_target:
-  #   branches:
-  #     - main
-  #     - master
+  pull_request_target:
+    branches:
+      - main
+      - master
   push:
     tags:
       # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
@@ -31,11 +31,17 @@ on:
         type: string
         default: balena-staging.com
 
+permissions:
+  id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+  actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+  pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+  packages: read
+  contents: read
 
 jobs:
   yocto:
     name: Yocto
-    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8
+    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
     # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
     # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
     # This condition will prevent the workflow from running twice for the same pull request while

.github/workflows/raspberrypi400-64.yml

@@ -9,10 +9,10 @@ on:
       - master
       # ESR branches glob pattern
       - 20[0-9][0-9].[0-1]?[1470].x
-  # pull_request_target:
-  #   branches:
-  #     - main
-  #     - master
+  pull_request_target:
+    branches:
+      - main
+      - master
   push:
     tags:
       # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
@@ -31,11 +31,17 @@ on:
         type: string
         default: balena-staging.com
 
+permissions:
+  id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+  actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+  pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+  packages: read
+  contents: read
 
 jobs:
   yocto:
     name: Yocto
-    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8
+    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
     # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
     # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
     # This condition will prevent the workflow from running twice for the same pull request while