Skip to content

Commit b8dea4a

Browse files
dsanders11dsanders11
authored
ci: fix up releases workflow (#1778)
1 parent f73ea70 commit b8dea4a

File tree

1 file changed

+13
-2
lines changed

1 file changed

+13
-2
lines changed

.github/workflows/release.yml

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,8 @@ on:
55
tags:
66
- 'v*'
77

8+
permissions: {}
9+
810
jobs:
911
build:
1012
name: Build
@@ -27,6 +29,9 @@ jobs:
2729
- os: windows-latest
2830
arch: ia32
2931
runs-on: "${{ matrix.os }}"
32+
permissions:
33+
actions: write
34+
contents: read
3035
environment: release
3136
steps:
3237
- run: git config --global core.autocrlf input
@@ -42,6 +47,8 @@ jobs:
4247
architecture: ${{ startsWith(matrix.os, 'macos-') && matrix.arch == 'x64' && 'x64' || env.RUNNER_ARCH }}
4348
- run: yarn install --immutable
4449
- run: yarn run contributors
50+
env:
51+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
4552
- run: yarn run electron-releases
4653
- name: Install dependencies (Linux)
4754
if: ${{ startsWith(matrix.os, 'ubuntu-') }}
@@ -54,7 +61,7 @@ jobs:
5461
run: chmod +x tools/add-macos-cert.sh && . ./tools/add-macos-cert.sh
5562
- name: Write authentication cert to disk (Windows)
5663
if: ${{ startsWith(matrix.os, 'windows-') }}
57-
shell: powershell.exe
64+
shell: powershell
5865
env:
5966
SM_CLIENT_CERT_P12_BASE64: ${{ secrets.SM_CLIENT_CERT_P12_BASE64 }}
6067
run: |
@@ -63,7 +70,7 @@ jobs:
6370
Add-Content -Path $Profile.CurrentUserAllHosts -Value "`$env:SM_CLIENT_CERT_FILE = '$SM_CLIENT_CERT_FILE'"
6471
[IO.File]::WriteAllBytes($SM_CLIENT_CERT_FILE, [Convert]::FromBase64String($env:SM_CLIENT_CERT_P12_BASE64))
6572
- name: Signing Manager Setup (Windows)
66-
shell: powershell.exe
73+
shell: powershell
6774
if: ${{ startsWith(matrix.os, 'windows-') }}
6875
env:
6976
CERT_FINGERPRINT: ${{ secrets.CERT_FINGERPRINT }}
@@ -106,6 +113,8 @@ jobs:
106113
- build
107114
- test
108115
environment: release
116+
permissions:
117+
contents: read
109118
steps:
110119
- run: git config --global core.autocrlf input
111120
- name: Checkout
@@ -135,6 +144,8 @@ jobs:
135144
name: Notify Sentry Deploy
136145
runs-on: ubuntu-latest
137146
needs: release
147+
permissions:
148+
actions: read
138149
steps:
139150
- name: Download source maps artifact
140151
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0

0 commit comments

Comments
 (0)