From cbe83f7a0189c6e2fd8b70d1517b0a325b92bdf9 Mon Sep 17 00:00:00 2001 From: Ewan Harris Date: Mon, 26 Feb 2024 15:25:01 +0000 Subject: [PATCH] ci(publish): make contents write and fix secrets reference Signed-off-by: Ewan Harris --- .github/workflows/publish.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index afa1545d..978a5073 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -10,7 +10,7 @@ on: ### TODO: Also remove `get-prerelease`, `get-version`, `release-create`, `tag-create` and `tag-exists` actions from this repo's .github/actions folder once the repo is public. permissions: - contents: read + contents: write id-token: write # Required for trusted publishing to PyPI jobs: @@ -42,7 +42,7 @@ jobs: - id: get_release_notes uses: ./.github/actions/get-release-notes with: - token: ${{ secrets.github-token }} + token: ${{ secrets.GITHUB_TOKEN }} version: ${{ steps.get_version.outputs.version }} repo_owner: ${{ github.repository_owner }} repo_name: ${{ github.event.repository.name }} @@ -52,7 +52,7 @@ jobs: uses: ./.github/actions/tag-exists with: tag: ${{ steps.get_version.outputs.version }} - token: ${{ secrets.github-token }} + token: ${{ secrets.GITHUB_TOKEN }} # If the tag already exists, exit with an error - if: steps.tag_exists.outputs.exists == 'true' @@ -83,9 +83,9 @@ jobs: # Create a release for the tag - uses: ./.github/actions/release-create with: - token: ${{ secrets.github-token }} + token: ${{ secrets.GITHUB_TOKEN }} name: ${{ steps.get_version.outputs.version }} body: ${{ steps.get_release_notes.outputs.release-notes }} tag: ${{ steps.get_version.outputs.version }} commit: ${{ github.sha }} - prerelease: ${{ steps.get_prerelease.outputs.prerelease }} \ No newline at end of file + prerelease: ${{ steps.get_prerelease.outputs.prerelease }}