Merge pull request #176 from tsuyoshicho/update/permission

tsuyoshicho · Oct 2, 2021 · 1b0db04 · 1b0db04
2 parents a991640 + 3ad5abb
commit 1b0db04
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 8 deletions.
diff --git a/.github/workflows/depup.yml b/.github/workflows/depup.yml
@@ -5,6 +5,9 @@ on:
   repository_dispatch:
     types: [depup]
   workflow_dispatch:
+permissions:
+  contents: write
+  pull-requests: write
 
 jobs:
   reviewdog:
@@ -35,4 +38,3 @@ jobs:
             This PR is auto generated by [depup workflow](https://github.com/${{ github.repository }}/actions?query=workflow%3A${{ github.workflow }}).
           branch: depup/${{ steps.depup.outputs.repo }}
           labels: "bump:minor"
-
diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml
@@ -3,6 +3,8 @@ on:
   pull_request:
     types:
       - labeled
+permissions:
+  contents: write
 
 jobs:
   release-check:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,6 +5,8 @@ on:
       - master
     tags:
       - 'v*.*.*'
+permissions:
+  contents: write
 
 jobs:
   release:
@@ -41,14 +43,12 @@ jobs:
 
       # Create release.
       - name: Create release
-        uses: actions/create-release@v1
+        uses: softprops/action-gh-release@v1
         if: "steps.tag.outputs.value != ''"
-        env:
-          # This token is provided by Actions, you do not need to create your own token
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          tag_name: ${{ steps.tag.outputs.value }}
-          release_name: Release ${{ steps.tag.outputs.value }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          name: Release ${{ steps.tag.outputs.value }}
           body: ${{ steps.bumpr.outputs.message }}
+          tag_name: ${{ steps.tag.outputs.value }}
           draft: false
           prerelease: false
diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml
@@ -4,6 +4,9 @@ on:
     branches:
       - master
   pull_request:
+permissions:
+  pull-requests: write
+
 jobs:
   shellcheck:
     name: runner / shellcheck

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -4,6 +4,9 @@ on:
     branches:
       - master
   pull_request:
+permissions:
+  pull-requests: write
+
 jobs:
   test-check:
     name: runner / textlint (github-check)
@@ -51,4 +54,3 @@ jobs:
           github_token: ${{ secrets.github_token }}
           reporter: github-pr-review
           textlint_flags: "doc/**"
-
diff --git a/.github/workflows/update_semver.yml b/.github/workflows/update_semver.yml
@@ -5,6 +5,9 @@ on:
       - '**'
     tags:
       - 'v*.*.*'
+permissions:
+  contents: write
+
 jobs:
   update-semver:
     runs-on: ubuntu-latest