Skip to content

Commit dbe8919

Browse files
authored
Merge pull request #182 from IBM/workflow-fixes
fix(CI): use PAT instead of GH Action Drive
2 parents bfdef9f + f42b071 commit dbe8919

2 files changed

Lines changed: 3 additions & 18 deletions

File tree

.github/workflows/build.yaml

Lines changed: 1 addition & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -86,13 +86,6 @@ jobs:
8686
needs: build
8787
runs-on: ubuntu-latest
8888

89-
# Explicit least privilege
90-
permissions:
91-
contents: write
92-
issues: write
93-
pull-requests: write
94-
id-token: write
95-
9689
concurrency:
9790
group: release-${{ github.ref }}
9891
cancel-in-progress: true
@@ -169,7 +162,7 @@ jobs:
169162
170163
- name: Run semantic-release
171164
env:
172-
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
165+
GH_TOKEN: ${{ secrets.GH_TOKEN }}
173166
run: npx semantic-release
174167

175168
- name: Notify Slack - Release Failed

.github/workflows/publish.yaml

Lines changed: 2 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -11,24 +11,16 @@ on:
1111
workflow_dispatch:
1212
# Allow this workflow to be triggered manually
1313

14-
# Default permissions: read-only
15-
permissions:
16-
contents: read
17-
1814
jobs:
1915
publish-release:
2016
name: publish-release
2117
runs-on: ubuntu-latest
22-
23-
# Explicit least privilege
24-
permissions:
25-
contents: write
2618

2719
steps:
2820
- name: Checkout repository
2921
uses: actions/checkout@v4
3022
with:
31-
token: ${{ secrets.GITHUB_TOKEN }}
23+
persist-credentials: false
3224

3325
- name: Setup Java
3426
uses: actions/setup-java@v4
@@ -49,7 +41,7 @@ jobs:
4941

5042
- name: Publish Javadocs
5143
env:
52-
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
44+
GH_TOKEN: ${{ secrets.GH_TOKEN }}
5345
GH_REPO_SLUG: ${{ github.repository }}
5446
GH_TAG: ${{ github.ref_name}}
5547
run: |

0 commit comments

Comments
 (0)