diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml index 25713b447..e54111b9c 100644 --- a/.github/workflows/cherry-pick.yml +++ b/.github/workflows/cherry-pick.yml @@ -21,7 +21,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - token: ${{ secrets.NGINX_PAT }} + token: ${{ secrets.GITHUB_TOKEN }} - name: Set release branch variable id: branch @@ -35,6 +35,5 @@ jobs: uses: carloscastrojumo/github-cherry-pick-action@503773289f4a459069c832dc628826685b75b4b3 # v1.0.10 with: branch: ${{ steps.branch.outputs.branch }} - token: ${{ secrets.NGINX_PAT }} - author: nginx-bot + token: ${{ secrets.GITHUB_TOKEN }} title: "[cherry-pick] {old_title}" diff --git a/.github/workflows/create-release-branch.yml b/.github/workflows/create-release-branch.yml index aa46d8264..074a0e8c5 100644 --- a/.github/workflows/create-release-branch.yml +++ b/.github/workflows/create-release-branch.yml @@ -66,4 +66,4 @@ jobs: git push --dry-run origin "${branch}" fi env: - GITHUB_TOKEN: ${{ secrets.NGINX_PAT }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index 102421650..31ae5b2f3 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -47,6 +47,7 @@ jobs: release: permissions: contents: write + pull-requests: write runs-on: ubuntu-22.04 steps: - name: Branch @@ -60,7 +61,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ steps.branch.outputs.branch }} - token: ${{ secrets.NGINX_PAT }} + token: ${{ secrets.GITHUB_TOKEN }} - name: Replace run: | 
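Review bot: Nothing in this commit touches the `permissions` of the cherry-pick job, although release-pr.yml, update-docker-sha.yml and version-bump.yml each gain `pull-requests: write` for the same PAT-to-`GITHUB_TOKEN` swap. If the job, which is declared outside this hunk, does not already grant `contents: write` and `pull-requests: write`, the push and the pull-request creation later in the workflow will be refused with the workflow token. The same check applies to update-kubernetes-version.yml, which also receives only a token change. A comment above the job's permissions such as `# GITHUB_TOKEN needs contents + pull-requests write to push the branch and open the PR` would record the dependency.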
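Review bot: Pull requests opened with `secrets.GITHUB_TOKEN` do not start `pull_request` or `push` workflow runs, so the cherry-pick PR created by this step will carry no CI results unless someone re-triggers them by hand. The PAT that this line replaces did not have that restriction. The same applies to every `peter-evans/create-pull-request` step changed in release-pr.yml, update-docker-sha.yml, update-kubernetes-version.yml and version-bump.yml, and to the branch and tag creation in create-release-branch.yml and release.yml. If checks are expected on these PRs, consider a GitHub App installation token scoped to this repository, or document the manual step with `# PRs opened by GITHUB_TOKEN do not trigger CI; close/reopen to run checks`.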
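Review bot: Plain `git push` does not read the `GITHUB_TOKEN` environment variable, so the credential used by the `git push` calls in this script is whatever the checkout step stored, and that step is outside this hunk. If that checkout still references `secrets.NGINX_PAT`, the push keeps depending on the PAT; if it uses the default token, the job needs `contents: write`. The env entry only matters for any `gh` calls in the part of the script not shown here. A comment such as `# consumed by gh; git push authenticates via the checkout credential` would make that explicit.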
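Review bot: `pull-requests: write` on the job is necessary but not sufficient for `create-pull-request` to work with the workflow token. The repository or organisation setting "Allow GitHub Actions to create and approve pull requests" must also be enabled, and it may be disabled at organisation level. That setting cannot be seen from the workflow file, so a comment next to the permission helps, for example `# also requires Settings > Actions > General > "Allow GitHub Actions to create and approve pull requests"`. The same note applies to the permission lines added in update-docker-sha.yml and version-bump.yml; the job body continues outside this hunk.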
@@ -72,10 +73,9 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 with: - token: ${{ secrets.NGINX_PAT }} + token: ${{ secrets.GITHUB_TOKEN }} commit-message: Release ${{ github.event.inputs.new_version }} title: Release ${{ github.event.inputs.new_version }} branch: docs/release-${{ github.event.inputs.new_version }} - author: nginx-bot body: | This automated PR updates the docs for ${{ github.event.inputs.new_version }} release. diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 64cae910d..5468183fb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -122,7 +122,7 @@ jobs: echo "Warning: Tag ${tag} already exists. Not making any changes" fi env: - GITHUB_TOKEN: ${{ secrets.NGINX_PAT }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} mend: if: ${{ ! cancelled() && ! failure() && ! inputs.dry_run && ! contains(inputs.skip_step, 'mend') }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 93f0d2ff4..5a489f642 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -38,7 +38,7 @@ jobs: with: results_file: results.sarif results_format: sarif - repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} + repo_token: ${{ secrets.GITHUB_TOKEN }} # Publish the results for public repositories to enable scorecard badges. For more details, see # https://github.com/ossf/scorecard-action#publishing-results. diff --git a/.github/workflows/update-docker-sha.yml b/.github/workflows/update-docker-sha.yml index 8858a5c6f..fb2a03f99 100644 --- a/.github/workflows/update-docker-sha.yml +++ b/.github/workflows/update-docker-sha.yml @@ -46,6 +46,7 @@ jobs: update-docker-sha: permissions: contents: write + pull-requests: write runs-on: ubuntu-22.04 needs: [vars] steps: 
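Review bot: With `repo_token` set to `secrets.GITHUB_TOKEN`, Scorecard's Branch-Protection check is likely to lose visibility into classic branch protection rules, because the workflow token cannot read those settings. As far as the scorecard-action documentation describes, only repository rulesets are readable without a PAT. If this repository relies on classic branch protection, expect that check's score to drop or become inconclusive after this change. Either note it with `# Branch-Protection limited to rulesets when using GITHUB_TOKEN`, or keep a read-only fine-grained token for this one input.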
@@ -79,7 +80,7 @@ jobs: uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 id: pr with: - token: ${{ secrets.NGINX_PAT }} + token: ${{ secrets.GITHUB_TOKEN }} commit-message: Update docker images ${{ steps.update_images.outputs.docker_md5 }} title: Docker image update ${{ steps.update_images.outputs.docker_md5 }} branch: deps/image-update-${{ needs.vars.outputs.source_branch }}-${{ steps.update_images.outputs.docker_md5 }} @@ -96,5 +97,5 @@ jobs: run: gh pr merge --auto --squash "$PR_URL" env: PR_URL: ${{ steps.pr.outputs.pull-request-url }} - GITHUB_TOKEN: ${{ secrets.NGINX_PAT }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} if: ${{ !inputs.dry_run && steps.update_images.outputs.change_detected == 'true' }} diff --git a/.github/workflows/update-kubernetes-version.yml b/.github/workflows/update-kubernetes-version.yml index a50359455..7128f20b6 100644 --- a/.github/workflows/update-kubernetes-version.yml +++ b/.github/workflows/update-kubernetes-version.yml @@ -45,7 +45,7 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 with: - token: ${{ secrets.NGINX_PAT }} + token: ${{ secrets.GITHUB_TOKEN }} commit-message: update kubernetes version to ${{ steps.k8s-version.outputs.version }} in helm schema title: update kubernetes version to ${{ steps.k8s-version.outputs.version }} in helm schema branch: chore/k8s-${{ steps.k8s-version.outputs.version }} diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 6489a2dea..f5efd9a21 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -27,6 +27,7 @@ jobs: version-bump: permissions: contents: write + pull-requests: write runs-on: ubuntu-22.04 steps: - name: Checkout Repository 
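Review bot: `gh pr merge --auto --squash` now enables auto-merge on a pull request that was itself opened with `GITHUB_TOKEN`, and such a pull request does not start `pull_request` workflows. If the target branch has required status checks, the PR will wait on checks that never report; if it has none, it merges without any CI having run on the updated docker images. The squash merge performed under the workflow token also will not start `push` workflows on the target branch. Confirm which case applies and record it, e.g. `# auto-merge relies on required checks; GITHUB_TOKEN PRs need a manual CI trigger`.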
@@ -50,11 +51,10 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 with: - token: ${{ secrets.NGINX_PAT }} + token: ${{ secrets.GITHUB_TOKEN }} commit-message: Version Bump for ${{ github.event.inputs.ic_version }} title: Version Bump for ${{ github.event.inputs.ic_version }} branch: chore/version-bump-${{ github.event.inputs.ic_version }} - author: nginx-bot labels: chore body: | This automated PR updates the NIC & Helm chart versions for the upcoming ${{ github.event.inputs.ic_version }} release.