Testing changes to workflows

apexskier · Dec 26, 2023 · a7fc434 · a7fc434
1 parent 53bcac9
commit a7fc434
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 6 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -8,6 +8,9 @@ jobs:
   release:
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: write
+
     steps:
       - uses: actions/checkout@v4
 
@@ -27,15 +30,15 @@ jobs:
 
       - name: Tag
         if: ${{ !steps.semver.outputs.prerelease && steps.semver.outputs.version }}
-        uses: richardsimko/update-tag@v1.0.4
+        uses: richardsimko/update-tag@v1.0.11
         with:
           tag_name: ${{ format('v{0}', steps.semver.outputs.major) }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Tag latest
         if: ${{ !steps.semver.outputs.prerelease && steps.semver.outputs.version }}
-        uses: richardsimko/update-tag@v1.0.4
+        uses: richardsimko/update-tag@v1.0.11
         with:
           tag_name: latest
         env:

diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
@@ -9,6 +9,9 @@ jobs:
   release:
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: write
+
     steps:
       - name: Get the version
         id: version
@@ -22,10 +25,7 @@ jobs:
 
       - name: Release
         if: ${{ steps.semver.outputs.version }}
-        uses: actions/create-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.RELEASE_GH_TOKEN }}
+        uses: softprops/action-gh-release@v1
         with:
           tag_name: ${{ steps.version.outputs.VERSION }}
-          release_name: ${{ steps.version.outputs.VERSION }}
           prerelease: ${{ !!steps.semver.outputs.prerelease }}
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -4,6 +4,14 @@
 
 Create a new tag, following semver and prefixed with `v`. On push, workflows will create associated tags and releases. After the release is created, edit it through GitHub and make sure "Publish this Action to the GitHub Marketplace" is checked.
 
+## Credential creation
+
+`DEPENDABOT_GITHUB_TOKEN`:
+
+* Actions: Access: Read and write
+* Contents: Access: Read and write
+* Metadata: Access: Read-only
+
 ## Notes
 
 I use `.split(search).join(replace)` instead of `.replace(search, replace)` to avoid unintentional behavior to to `.replace`'s [replacement string semantics](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/replace#specifying_a_string_as_the_replacement).