Remove token permissions inspection step #3065
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Template cleanup | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| id-token: write | |
| concurrency: | |
| group: template-cleanup-${{github.ref}} | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| template-cleanup: | |
| name: Template cleanup | |
| if: ${{github.repository != 'remal-github-actions/template-typescript'}} | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Get GitHub Token | |
| id: get-token | |
| uses: remal/github-repository-token-issuer@v1 | |
| with: | |
| scopes: | | |
| contents: write | |
| workflows: write | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| token: ${{steps.get-token.outputs.token}} | |
| - name: Cleanup | |
| run: | | |
| export LC_CTYPE=C | |
| export LANG=C | |
| NAME="${GITHUB_REPOSITORY##*/}" | |
| sed -i "s/template-typescript/$NAME/g" package.json | |
| sed -i "s/%NAME%/$NAME/g" .github/template-cleanup/* | |
| sed -i "s/%REPOSITORY%/${GITHUB_REPOSITORY/\//\\/}/g" .github/template-cleanup/* | |
| cp -R .github/template-cleanup/. . | |
| rm -rf \ | |
| .github/sync-with-template-local-transformations.yml \ | |
| .github/template-cleanup \ | |
| .github/workflows/template-cleanup.yml | |
| - name: Push back | |
| id: push-back | |
| if: ${{github.event_name == 'push' && startsWith(github.ref, 'refs/heads/')}} | |
| uses: remal-github-actions/push-back@v2 | |
| with: | |
| message: 'Template cleanup' | |
| - name: Fail if the repository was changed before pushing back | |
| if: ${{steps.push-back.outputs.result == 'remote-changed'}} | |
| run: | | |
| echo "The repository was changed before pushing back" | |
| exit 1 |