Skip to content

Commit ecf6147

Browse files
wileyjwileyj
authored
Merge pull request #5976 from BowTiedDevOps/chore/replace-github-secret-in-ci
Update ci workflow
2 parents cd9bbab + 2329139 commit ecf6147

File tree

2 files changed

+6
-21
lines changed

2 files changed

+6
-21
lines changed

.github/workflows/ci.yml

Lines changed: 0 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -102,22 +102,6 @@ jobs:
102102
signer_docker_tag: ${{ needs.check-release.outputs.signer_docker_tag }}
103103
is_node_release: ${{ needs.check-release.outputs.is_node_release }}
104104
is_signer_release: ${{ needs.check-release.outputs.is_signer_release }}
105-
secrets: inherit
106-
107-
## Build and push Debian image built from source
108-
##
109-
## Runs when:
110-
## - it is not a node or signer-only release run
111-
docker-image:
112-
if: |
113-
needs.check-release.outputs.is_node_release != 'true' ||
114-
needs.check-release.outputs.is_signer_release != 'true'
115-
name: Docker Image (Source)
116-
uses: ./.github/workflows/image-build-source.yml
117-
needs:
118-
- rustfmt
119-
- check-release
120-
secrets: inherit
121105

122106
## Create a reusable cache for tests
123107
##

.github/workflows/github-release.yml

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -29,9 +29,6 @@ on:
2929
description: "True if it is a signer release"
3030
required: true
3131
type: string
32-
secrets:
33-
GH_TOKEN:
34-
required: true
3532

3633
concurrency:
3734
group: github-release-${{ github.head_ref || github.ref }}
@@ -95,6 +92,8 @@ jobs:
9592
runs-on: ubuntu-latest
9693
needs:
9794
- build-binaries
95+
permissions:
96+
contents: write
9897
steps:
9998
## Creates releases
10099
- name: Create Release
@@ -106,7 +105,7 @@ jobs:
106105
signer_docker_tag: ${{ inputs.signer_docker_tag }}
107106
is_node_release: ${{ inputs.is_node_release }}
108107
is_signer_release: ${{ inputs.is_signer_release }}
109-
GH_TOKEN: ${{ secrets.GH_TOKEN }}
108+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
110109

111110

112111
## Builds arch dependent Docker images from binaries
@@ -156,9 +155,11 @@ jobs:
156155
- build-binaries
157156
- create-release
158157
- docker-image
158+
permissions:
159+
pull-requests: write
159160
steps:
160161
- name: Open Downstream PR
161162
id: create-pr
162163
uses: stacks-network/actions/stacks-core/release/downstream-pr@main
163164
with:
164-
token: ${{ secrets.GH_TOKEN }}
165+
token: ${{ secrets.GITHUB_TOKEN }}

0 commit comments

Comments
 (0)