diff options
| author | seth <[email protected]> | 2023-10-13 11:23:07 -0400 |
|---|---|---|
| committer | seth <[email protected]> | 2023-10-13 11:23:07 -0400 |
| commit | fb4c58c3134dd16a48717371a749b49ce6ca0eca (patch) | |
| tree | ab640d940a1a2e64fae4a21d8fc55b96d316e25d /.github/workflows | |
| parent | ebf1c99f140c5df55cedc81f24e37d7ba538ba82 (diff) | |
actions: use GH_TOKEN for gh & scope permissions to jobs
Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/autobot.yaml | 12 | ||||
| -rw-r--r-- | .github/workflows/update-lock.yaml | 10 | ||||
| -rw-r--r-- | .github/workflows/upload.yaml | 6 |
3 files changed, 15 insertions, 13 deletions
diff --git a/.github/workflows/autobot.yaml b/.github/workflows/autobot.yaml index 9dc8df3..792158a 100644 --- a/.github/workflows/autobot.yaml +++ b/.github/workflows/autobot.yaml @@ -2,14 +2,16 @@ name: auto-merge dependabot on: pull_request -permissions: - contents: write - pull-requests: write - jobs: automerge: runs-on: ubuntu-latest + + permissions: + contents: write + pull-requests: write + if: github.actor == 'dependabot[bot]' + steps: - uses: dependabot/fetch-metadata@v1 id: metadata @@ -21,4 +23,4 @@ jobs: run: gh pr merge --auto --rebase "$PR" env: PR: ${{ github.event.pull_request.html_url }} - GITHUB_TOKEN: ${{ secrets.MERGE_TOKEN }} + GH_TOKEN: ${{ secrets.MERGE_TOKEN }} diff --git a/.github/workflows/update-lock.yaml b/.github/workflows/update-lock.yaml index 9e3301d..6603616 100644 --- a/.github/workflows/update-lock.yaml +++ b/.github/workflows/update-lock.yaml @@ -6,14 +6,14 @@ on: - cron: "0 0 * * 6" workflow_dispatch: -permissions: - contents: write - pull-requests: write - jobs: update: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: - uses: actions/checkout@v4 - uses: DeterminateSystems/nix-installer-action@main @@ -30,5 +30,5 @@ jobs: shell: bash run: gh pr merge --auto --rebase "$PR_ID" env: - GITHUB_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ github.token }} PR_ID: ${{ steps.update.outputs.pull-request-number }} diff --git a/.github/workflows/upload.yaml b/.github/workflows/upload.yaml index 93888d7..26f366a 100644 --- a/.github/workflows/upload.yaml +++ b/.github/workflows/upload.yaml @@ -8,13 +8,13 @@ on: - main workflow_dispatch: -permissions: - packages: write - jobs: upload: runs-on: ubuntu-latest + permissions: + packages: write + env: REGISTRY: ghcr.io USERNAME: getchoo |