Skip to content

Commit 2f9a748

Browse files
mattKorwelmattKorwel
committed
permissions
1 parent 690867e commit 2f9a748

File tree

2 files changed

+9
-27
lines changed

2 files changed

+9
-27
lines changed

.github/workflows/release-patch-1-create-pr.yml

Lines changed: 2 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -56,19 +56,10 @@ jobs:
5656
git config user.name "gemini-cli-robot"
5757
git config user.email "[email protected]"
5858
59-
- name: 'Generate GitHub App Token'
60-
id: 'generate_token'
61-
uses: 'actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b'
62-
with:
63-
app-id: '${{ secrets.APP_ID }}'
64-
private-key: '${{ secrets.PRIVATE_KEY }}'
65-
permission-pull-requests: 'write'
66-
permission-contents: 'write'
67-
6859
- name: 'Create Patch'
6960
id: 'create_patch'
7061
env:
71-
GH_TOKEN: '${{ steps.generate_token.outputs.token }}'
62+
GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
7263
continue-on-error: true
7364
run: |
7465
# Capture output directly to environment variable
@@ -84,7 +75,7 @@ jobs:
8475
- name: 'Comment on Original PR'
8576
if: '!inputs.dry_run && inputs.original_pr'
8677
env:
87-
GH_TOKEN: '${{ steps.generate_token.outputs.token }}'
78+
GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
8879
ORIGINAL_PR: '${{ github.event.inputs.original_pr }}'
8980
EXIT_CODE: '${{ steps.create_patch.outputs.EXIT_CODE }}'
9081
COMMIT: '${{ github.event.inputs.commit }}'

.github/workflows/release-patch-from-comment.yml

Lines changed: 7 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -19,21 +19,11 @@ jobs:
1919
with:
2020
fetch-depth: 1
2121

22-
- name: 'Generate GitHub App Token'
23-
id: 'generate_token'
24-
uses: 'actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b'
25-
with:
26-
app-id: '${{ secrets.APP_ID }}'
27-
private-key: '${{ secrets.PRIVATE_KEY }}'
28-
permission-pull-requests: 'write'
29-
permission-contents: 'write'
30-
permission-actions: 'write'
31-
3222
- name: 'Slash Command Dispatch'
3323
id: 'slash_command'
3424
uses: 'peter-evans/slash-command-dispatch@40877f718dce0101edfc7aea2b3800cc192f9ed5'
3525
with:
36-
token: '${{ steps.generate_token.outputs.token }}'
26+
token: '${{ secrets.GITHUB_TOKEN }}'
3727
commands: 'patch'
3828
permission: 'write'
3929
issue-type: 'pull-request'
@@ -44,7 +34,7 @@ jobs:
4434
id: 'pr_status'
4535
if: "startsWith(github.event.comment.body, '/patch')"
4636
env:
47-
GH_TOKEN: '${{ steps.generate_token.outputs.token }}'
37+
GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
4838
run: |
4939
gh pr view "${{ github.event.issue.number }}" --json mergeCommit,state > pr_status.json
5040
echo "MERGE_COMMIT_SHA=$(jq -r .mergeCommit.oid pr_status.json)" >> "$GITHUB_OUTPUT"
@@ -57,6 +47,7 @@ jobs:
5747
env:
5848
COMMENT_BODY: '${{ github.event.comment.body }}'
5949
with:
50+
github-token: '${{ secrets.GITHUB_TOKEN }}'
6051
script: |
6152
// Parse the comment body directly to extract channel
6253
const commentBody = process.env.COMMENT_BODY;
@@ -123,7 +114,7 @@ jobs:
123114
if: "startsWith(github.event.comment.body, '/patch') && steps.pr_status.outputs.STATE != 'MERGED'"
124115
uses: 'peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d'
125116
with:
126-
token: '${{ steps.generate_token.outputs.token }}'
117+
token: '${{ secrets.GITHUB_TOKEN }}'
127118
issue-number: '${{ github.event.issue.number }}'
128119
body: |
129120
:x: The `/patch` command failed. This pull request must be merged before a patch can be created.
@@ -132,7 +123,7 @@ jobs:
132123
if: "always() && startsWith(github.event.comment.body, '/patch') && steps.dispatch_patch.outcome == 'success' && steps.dispatch_patch.outputs.dispatched_run_url"
133124
uses: 'peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d'
134125
with:
135-
token: '${{ steps.generate_token.outputs.token }}'
126+
token: '${{ secrets.GITHUB_TOKEN }}'
136127
issue-number: '${{ github.event.issue.number }}'
137128
body: |
138129
✅ **Patch workflow dispatched successfully!**
@@ -149,7 +140,7 @@ jobs:
149140
if: "always() && startsWith(github.event.comment.body, '/patch') && steps.dispatch_patch.outcome == 'success' && !steps.dispatch_patch.outputs.dispatched_run_url"
150141
uses: 'peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d'
151142
with:
152-
token: '${{ steps.generate_token.outputs.token }}'
143+
token: '${{ secrets.GITHUB_TOKEN }}'
153144
issue-number: '${{ github.event.issue.number }}'
154145
body: |
155146
✅ **Patch workflow dispatched successfully!**
@@ -166,7 +157,7 @@ jobs:
166157
if: "always() && startsWith(github.event.comment.body, '/patch') && (steps.dispatch_patch.outcome == 'failure' || steps.dispatch_patch.outcome == 'cancelled')"
167158
uses: 'peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d'
168159
with:
169-
token: '${{ steps.generate_token.outputs.token }}'
160+
token: '${{ secrets.GITHUB_TOKEN }}'
170161
issue-number: '${{ github.event.issue.number }}'
171162
body: |
172163
❌ **Patch workflow dispatch failed!**

0 commit comments

Comments
 (0)