fix: give release integration workflow correct permissions and secrets (
lukekarrys authored Nov 28, 2023
1 parent 3d76fc4 commit 9b22b83
Showing 5 changed files with 18 additions and 2 deletions.
4 changes: 3 additions & 1 deletion .github/workflows/release-integration.yml
@@ -15,6 +15,9 @@ on:
required: true
type: string
description: 'A json array of releases. Required fields: publish: tagName, publishTag. publish check: pkgName, version'
secrets:
PUBLISH_TOKEN:
required: true

jobs:
publish:
@@ -24,7 +27,6 @@ jobs:
run:
shell: bash
permissions:
deployments: write
id-token: write
steps:
- name: Checkout
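Review bot: The `permissions` block of the `publish` job is left granting only `id-token: write`, and an explicit job-level `permissions` block sets every unlisted scope to `none`, so the `Checkout` step that follows runs without a `contents` scope. That may be fine for a public repository, but the intent should be explicit: either add `contents: read` next to `id-token: write`, or add a comment such as `# contents is intentionally unset; checkout relies on the repository being public`. Because a called workflow cannot raise permissions above what its caller grants, a `contents: read` here would also have to be added to the calling job in `.github/workflows/release.yml` and to both templates under `lib/content/`. The job continues past the end of the visible hunk, so the checkout configuration itself is not shown.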
4 changes: 4 additions & 0 deletions .github/workflows/release.yml
@@ -243,6 +243,10 @@ jobs:
name: Release Integration
if: needs.release.outputs.releases
uses: ./.github/workflows/release-integration.yml
permissions:
id-token: write
secrets:
PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
with:
releases: ${{ needs.release.outputs.releases }}

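Review bot: The new `permissions` and `secrets` keys on the reusable-workflow call carry no comment explaining why each is needed, and this is the point where a long-lived `PUBLISH_TOKEN` and an OIDC-capable token are handed to another workflow. A short comment above `permissions:` would help, e.g. `# the called workflow's publish job requests id-token: write; a reusable workflow cannot exceed the caller's permissions`. Passing the one named secret rather than `secrets: inherit` keeps the called workflow's access narrow and is worth preserving. The same lines appear in `lib/content/release-yml.hbs`. The job definition starts above the hunk, so its `needs` and anything else set on the job are not visible here.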
1 change: 0 additions & 1 deletion lib/content/_job-release-integration-yml.hbs
@@ -5,7 +5,6 @@ defaults:
shell: bash
{{#if publish}}
permissions:
deployments: write
id-token: write
{{/if}}
steps:
5 changes: 5 additions & 0 deletions lib/content/release-integration-yml.hbs
@@ -13,6 +13,11 @@ on:
required: true
type: string
description: 'A json array of releases. Required fields: publish: tagName, publishTag. publish check: pkgName, version'
{{#if publish}}
secrets:
PUBLISH_TOKEN:
required: true
{{/if}}

jobs:
publish:
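Review bot: The `PUBLISH_TOKEN` declaration has `required: true` but no `description`, while the `releases` input directly above documents itself. `workflow_call` secrets accept a `description` key, so a line such as `description: 'Token the publish job uses to publish packages'` would tell callers what credential and scope to supply; the wording should be confirmed against the publish step, which is outside this hunk. The `.github/workflows/release-integration.yml` section of this commit carries the same declaration and is presumably rendered from this template, so the change belongs here.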
6 changes: 6 additions & 0 deletions lib/content/release-yml.hbs
@@ -184,6 +184,12 @@ jobs:
name: Release Integration
if: needs.release.outputs.releases
uses: ./.github/workflows/release-integration.yml
{{#if publish}}
permissions:
id-token: write
secrets:
PUBLISH_TOKEN: $\{{ secrets.PUBLISH_TOKEN }}
{{/if}}
with:
releases: $\{{ needs.release.outputs.releases }}

