From 3ad5abbe3bd5e37039707836385bc6271375f750 Mon Sep 17 00:00:00 2001 From: Tsuyoshi CHO Date: Sat, 2 Oct 2021 21:11:59 +0900 Subject: [PATCH] Update Permission --- .github/workflows/depup.yml | 4 +++- .github/workflows/release-check.yml | 2 ++ .github/workflows/release.yml | 12 ++++++------ .github/workflows/reviewdog.yml | 3 +++ .github/workflows/test.yml | 4 +++- .github/workflows/update_semver.yml | 3 +++ 6 files changed, 20 insertions(+), 8 deletions(-) diff --git a/.github/workflows/depup.yml b/.github/workflows/depup.yml index 4b2cfd6..d714d77 100644 --- a/.github/workflows/depup.yml +++ b/.github/workflows/depup.yml @@ -5,6 +5,9 @@ on: repository_dispatch: types: [depup] workflow_dispatch: +permissions: + contents: write + pull-requests: write jobs: reviewdog: @@ -35,4 +38,3 @@ jobs: This PR is auto generated by [depup workflow](https://github.com/${{ github.repository }}/actions?query=workflow%3A${{ github.workflow }}). branch: depup/${{ steps.depup.outputs.repo }} labels: "bump:minor" - diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml index 26f9bad..921e5f8 100644 --- a/.github/workflows/release-check.yml +++ b/.github/workflows/release-check.yml @@ -3,6 +3,8 @@ on: pull_request: types: - labeled +permissions: + contents: write jobs: release-check: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5b5608f..5fb7491 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,8 @@ on: - master tags: - 'v*.*.*' +permissions: + contents: write jobs: release: @@ -41,14 +43,12 @@ jobs: # Create release. - name: Create release - uses: actions/create-release@v1 + uses: softprops/action-gh-release@v1 if: "steps.tag.outputs.value != ''" - env: - # This token is provided by Actions, you do not need to create your own token - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - tag_name: ${{ steps.tag.outputs.value }} - release_name: Release ${{ steps.tag.outputs.value }} + token: ${{ secrets.GITHUB_TOKEN }} + name: Release ${{ steps.tag.outputs.value }} body: ${{ steps.bumpr.outputs.message }} + tag_name: ${{ steps.tag.outputs.value }} draft: false prerelease: false diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml index 0dbc082..c53d489 100644 --- a/.github/workflows/reviewdog.yml +++ b/.github/workflows/reviewdog.yml @@ -4,6 +4,9 @@ on: branches: - master pull_request: +permissions: + pull-requests: write + jobs: shellcheck: name: runner / shellcheck diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c4825ef..d476b74 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -4,6 +4,9 @@ on: branches: - master pull_request: +permissions: + pull-requests: write + jobs: test-check: name: runner / textlint (github-check) @@ -51,4 +54,3 @@ jobs: github_token: ${{ secrets.github_token }} reporter: github-pr-review textlint_flags: "doc/**" - diff --git a/.github/workflows/update_semver.yml b/.github/workflows/update_semver.yml index c9aae4a..7738109 100644 --- a/.github/workflows/update_semver.yml +++ b/.github/workflows/update_semver.yml @@ -5,6 +5,9 @@ on: - '**' tags: - 'v*.*.*' +permissions: + contents: write + jobs: update-semver: runs-on: ubuntu-latest