From 93b49966049cce2876cbc24561fd0b41a12850a4 Mon Sep 17 00:00:00 2001
From: Alexa Bird <alexa.bird@octo.us>
Date: Wed, 18 Feb 2026 15:29:04 -0700
Subject: [PATCH 1/2] Configure maven settings for full build

---
 .github/workflows/ci.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index febae5b1b53..9183ee663b8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -98,6 +98,21 @@ jobs:
           distribution: 'temurin'
           cache: maven
 
+      - name: Configure Maven settings
+        uses: s4u/maven-settings-action@v3.0.0
+        with:
+          servers: |
+            [{
+              "id": "codice",
+              "username": "${{ github.actor }}",
+              "password": "${{ secrets.READ_PACKAGES }}"
+            },
+            {
+              "id": "connexta",
+              "username": "${{ github.actor }}",
+              "password": "${{ secrets.READ_PACKAGES }}"
+            }]
+
       - name: Full build (excluding itests)
         run: mvn clean install $MAVEN_CLI_OPTS -P !itests
 

From 9f4ebf8e1d20092b50c4a52ae0484e3de6f6ffeb Mon Sep 17 00:00:00 2001
From: Jay McNallie <jay.mcnallie@decisivellc.us>
Date: Thu, 19 Feb 2026 10:42:19 -0700
Subject: [PATCH 2/2] Add packages write permission to deploy job

The deploy job needs write access to GitHub Packages but the
top-level workflow permission only grants read. This caused a
403 Forbidden when deploying artifacts.
---
 .github/workflows/ci.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9183ee663b8..b70d235a5bb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -268,6 +268,8 @@ jobs:
       needs.dependency-check.result == 'success'
     runs-on: ubuntu-latest
     environment: production
+    permissions:
+      packages: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4