rudderlabs
diff --git a/‎…/workflows/.release-please-manifest.json‎ ‎.github/.release-please-manifest.json‎.github/workflows/.release-please-manifest.json renamed to .github/.release-please-manifest.json b/‎…/workflows/.release-please-manifest.json‎ ‎.github/.release-please-manifest.json‎.github/workflows/.release-please-manifest.json renamed to .github/.release-please-manifest.json
diff --git a/‎…hub/workflows/release-please-config.json‎ ‎.github/release-please-config.json‎.github/workflows/release-please-config.json renamed to .github/release-please-config.json b/‎…hub/workflows/release-please-config.json‎ ‎.github/release-please-config.json‎.github/workflows/release-please-config.json renamed to .github/release-please-config.json
diff --git a/‎.github/workflows/release-please.yaml‎
Lines changed: 19 additions & 10 deletions b/‎.github/workflows/release-please.yaml‎
Lines changed: 19 additions & 10 deletions
@@ -4,31 +4,40 @@ on:
       - "release/*"
       - "main"
 name: release-please
+
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   release-please:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
         with:
           egress-policy: audit
 
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=$(echo "${GITHUB_REF#refs/heads/}")" >> $GITHUB_OUTPUT
+        id: extract_branch
+
       - name: Generate GitHub App Token
         id: generate-token
-        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
         with:
           app-id: ${{ vars.RELEASE_APP_ID }}
           private-key: ${{ secrets.RELEASE_PRIVATE_KEY }}
-          permission-contents: write # to create release commits and tags
-          permission-pull-requests: write # to create release PRs
+          permission-contents: write
+          permission-pull-requests: write
 
-      - name: Extract branch name
-        shell: bash
-        run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
-        id: extract_branch
       - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           target-branch: ${{ steps.extract_branch.outputs.branch }}
-          config-file: .github/workflows/release-please-config.json
-          manifest-file: .github/workflows/.release-please-manifest.json
+          config-file: .github/release-please-config.json
+          manifest-file: .github/.release-please-manifest.json