Fix authorization issue when creating a GitHub release.

aholmes · web-flow · commit ba7a8d9a38a6 · 2023-10-26T12:23:28.000-07:00
The envvar `GITHUB_TOKEN` that is defined for the step that runs `gh release up` must also be defined for the step that runs `gh release create`. This change removes the definition from the step, and adds it to the job so that the envvar is available to all steps in the job. This fixes the authorization issue that can be seen [here](https://github.com/uclahs-cds/BL_Python/actions/runs/6658013371/job/18093994984). Note: the output of the Action specifies `GH_TOKEN`, but in fact either `GH_TOKEN` or `GITHUB_TOKEN` can be defined per [gh environment](https://cli.github.com/manual/gh_help_environment).
diff --git a/source/guides/github-actions-ci-cd-sample/publish-to-test-pypi.yml b/source/guides/github-actions-ci-cd-sample/publish-to-test-pypi.yml
@@ -61,6 +61,9 @@ jobs:
       contents: write  # IMPORTANT: mandatory for making GitHub Releases
       id-token: write  # IMPORTANT: mandatory for sigstore
 
+    env:
+      GITHUB_TOKEN: ${{ github.token }}
+
     steps:
     - name: Download all the dists
       uses: actions/download-artifact@v3
@@ -80,8 +83,6 @@ jobs:
         --repo '${{ github.repository }}'
         --notes ""
     - name: Upload artifact signatures to GitHub Release
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
       # Upload to GitHub Release using the `gh` CLI.
       # `dist/` contains the built packages, and the
       # sigstore-produced signatures and certificates.
