Skip to content

Commit 2d419e5

Browse files
GeekMasherGeekMasher
committed
fix(ci): Update Permissions + Secrets used
1 parent 5c53638 commit 2d419e5

File tree

1 file changed

+12
-4
lines changed

1 file changed

+12
-4
lines changed

.github/workflows/publish.yml

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ jobs:
3232
3333
- name: "Check and publish codeql-LANG-queries (src) pack"
3434
env:
35-
GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }}
35+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
3636
run: |
3737
PUBLISHED_VERSION=$(gh api /orgs/githubsecuritylab/packages/container/codeql-${{ matrix.language }}-queries/versions --jq '.[0].metadata.container.tags[0]')
3838
CURRENT_VERSION=$(grep version ${{ matrix.language }}/src/qlpack.yml | awk '{print $2}')
@@ -69,7 +69,7 @@ jobs:
6969
7070
- name: "Check and publish codeql-LANG-libs (lib) pack"
7171
env:
72-
GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }}
72+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
7373
run: |
7474
PUBLISHED_VERSION=$(gh api /orgs/githubsecuritylab/packages/container/codeql-${{ matrix.language }}-libs/versions --jq '.[0].metadata.container.tags[0]')
7575
CURRENT_VERSION=$(grep version ${{ matrix.language }}/lib/qlpack.yml | awk '{print $2}')
@@ -84,6 +84,10 @@ jobs:
8484
extensions:
8585
runs-on: ubuntu-latest
8686

87+
permissions:
88+
contents: read
89+
packages: write
90+
8791
strategy:
8892
fail-fast: false
8993
matrix:
@@ -102,7 +106,7 @@ jobs:
102106
103107
- name: Check and publish codeql-LANG-extensions (ext) pack
104108
env:
105-
GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }}
109+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
106110
run: |
107111
PUBLISHED_VERSION=$(gh api /orgs/githubsecuritylab/packages/container/codeql-${{ matrix.language }}-extensions/versions --jq '.[0].metadata.container.tags[0]')
108112
CURRENT_VERSION=$(grep version ${{ matrix.language }}/ext/qlpack.yml | awk '{print $2}')
@@ -117,6 +121,10 @@ jobs:
117121
library_sources_extensions:
118122
runs-on: ubuntu-latest
119123

124+
permissions:
125+
contents: read
126+
packages: write
127+
120128
strategy:
121129
fail-fast: false
122130
matrix:
@@ -135,7 +143,7 @@ jobs:
135143
136144
- name: Check and publish codeql-LANG-library-sources (ext-library-sources) pack
137145
env:
138-
GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }}
146+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
139147
run: |
140148
PUBLISHED_VERSION=$(gh api /orgs/githubsecuritylab/packages/container/codeql-${{ matrix.language }}-library-sources/versions --jq '.[0].metadata.container.tags[0]')
141149
CURRENT_VERSION=$(grep version ${{ matrix.language }}/ext-library-sources/qlpack.yml | awk '{print $2}')

0 commit comments

Comments
 (0)