diff --git a/.github/workflows/actions_template_sync.yml b/.github/workflows/actions_template_sync.yml index 2aff5eca..7e8b6c23 100644 --- a/.github/workflows/actions_template_sync.yml +++ b/.github/workflows/actions_template_sync.yml @@ -10,6 +10,9 @@ on: jobs: repo-sync: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write steps: # To use this repository's private action, you must check out the repository diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 96f73752..3a2dfcf8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,6 +13,9 @@ jobs: call_test_all: uses: ./.github/workflows/test_all.yml secrets: inherit + permissions: + contents: write + pull-requests: write call_release_please: needs: - call_shellcheck diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 73776b36..423838c5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,7 +11,9 @@ on: jobs: test-implementation-job: runs-on: ubuntu-latest - + permissions: + contents: write + pull-requests: write steps: # To use this repository's private action, you must check out the repository - name: Checkout diff --git a/.github/workflows/test_all.yml b/.github/workflows/test_all.yml index 81618da3..d044ac5d 100644 --- a/.github/workflows/test_all.yml +++ b/.github/workflows/test_all.yml @@ -12,12 +12,24 @@ jobs: call_test_hooks: uses: ./.github/workflows/test_hooks.yml secrets: inherit + permissions: + contents: write + pull-requests: write call_test_ssh_gitlab: uses: ./.github/workflows/test_ssh_gitlab.yml secrets: inherit + permissions: + contents: write + pull-requests: write call_test_ssh: uses: ./.github/workflows/test_ssh.yml secrets: inherit + permissions: + contents: write + pull-requests: write call_test: uses: ./.github/workflows/test.yml secrets: inherit + permissions: + contents: write + pull-requests: write diff --git a/.github/workflows/test_hooks.yml b/.github/workflows/test_hooks.yml index 85025b7c..478fd715 100644 --- a/.github/workflows/test_hooks.yml +++ b/.github/workflows/test_hooks.yml @@ -11,7 +11,9 @@ on: jobs: test-implementation-job: runs-on: ubuntu-latest - + permissions: + contents: write + pull-requests: write steps: # To use this repository's private action, you must check out the repository - name: Checkout diff --git a/.github/workflows/test_ssh.yml b/.github/workflows/test_ssh.yml index 237093d7..a1fa6516 100644 --- a/.github/workflows/test_ssh.yml +++ b/.github/workflows/test_ssh.yml @@ -11,7 +11,9 @@ on: jobs: test-implementation-job: runs-on: ubuntu-latest - + permissions: + contents: write + pull-requests: write steps: # To use this repository's private action, you must check out the repository - name: Checkout diff --git a/.github/workflows/test_ssh_gitlab.yml b/.github/workflows/test_ssh_gitlab.yml index f8f5bbcd..b704158e 100644 --- a/.github/workflows/test_ssh_gitlab.yml +++ b/.github/workflows/test_ssh_gitlab.yml @@ -11,7 +11,9 @@ on: jobs: test-implementation-job: runs-on: ubuntu-latest - + permissions: + contents: write + pull-requests: write steps: # To use this repository's private action, you must check out the repository - name: Checkout diff --git a/README.md b/README.md index 19c3b71c..43c2f335 100644 --- a/README.md +++ b/README.md @@ -79,13 +79,20 @@ on: jobs: repo-sync: runs-on: ubuntu-latest + # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs + permissions: + contents: write + pull-requests: write steps: # To use this repository's private action, you must check out the repository - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: actions-template-sync - uses: AndreasAugustin/actions-template-sync@v1.1.3 + uses: AndreasAugustin/actions-template-sync@v1.1.8 with: github_token: ${{ secrets.GITHUB_TOKEN }} source_repo_path: @@ -117,12 +124,14 @@ jobs: with: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.PRIVATE_KEY }} + - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: token: ${{ steps.generate_token.outputs.token }} + - name: actions-template-sync - uses: AndreasAugustin/actions-template-sync@v1.1.3 + uses: AndreasAugustin/actions-template-sync@v1.1.8 with: github_token: ${{ steps.generate_token.outputs.token }} source_repo_path: @@ -144,13 +153,20 @@ It is also possible to use a different git provider, e.g. GitLab. jobs: repo-sync: runs-on: ubuntu-latest + # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs + permissions: + contents: write + pull-requests: write steps: # To use this repository's private action, you must check out the repository - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: actions-template-sync - uses: AndreasAugustin/actions-template-sync@v1.1.3 + uses: AndreasAugustin/actions-template-sync@v1.1.8 with: github_token: ${{ secrets.GITHUB_TOKEN }} source_repo_path: ${{ secrets.SOURCE_REPO_PATH }} # , should be within secrets @@ -197,14 +213,13 @@ jobs: steps: # To use this repository's private action, you must check out the repository - - - name: Checkout - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v4 with: token: ${{ secrets.CUSTOM_GITHUB_PAT }} - - - name: Test action step PAT - uses: AndreasAugustin/actions-template-sync@v1.1.0 + + - name: Test action step PAT + uses: AndreasAugustin/actions-template-sync@v1.1.8 with: github_token: ${{ secrets.CUSTOM_GITHUB_PAT }} source_repo_path: ${{ secrets.SOURCE_REPO_PATH }} # , should be within secrets