diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4c390b452..c58a50ff0 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -204,7 +204,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 permissions: - contents: read + contents: write needs: [build] @@ -236,7 +236,7 @@ jobs: - name: Publish GitHub release notes env: - GH_RELEASE_NOTES_TOKEN: ${{ secrets.release_notes }} + GH_RELEASE_NOTES_TOKEN: ${{ github.token }} run: | sudo apt-get install pandoc tox -e publish-gh-release-notes diff --git a/.github/workflows/prepare-release-pr.yml b/.github/workflows/prepare-release-pr.yml index 7a610638a..91977f5b2 100644 --- a/.github/workflows/prepare-release-pr.yml +++ b/.github/workflows/prepare-release-pr.yml @@ -19,7 +19,8 @@ jobs: build: runs-on: ubuntu-latest permissions: - contents: read + contents: write + pull-requests: write steps: - uses: actions/checkout@v2 @@ -40,9 +41,9 @@ jobs: - name: Prepare release PR (minor/patch release) if: github.event.inputs.major == 'no' run: | - tox -e prepare-release-pr -- ${{ github.event.inputs.branch }} ${{ secrets.chatops }} + tox -e prepare-release-pr -- ${{ github.event.inputs.branch }} ${{ github.token }} - name: Prepare release PR (major release) if: github.event.inputs.major == 'yes' run: | - tox -e prepare-release-pr -- ${{ github.event.inputs.branch }} ${{ secrets.chatops }} --major + tox -e prepare-release-pr -- ${{ github.event.inputs.branch }} ${{ github.token }} --major diff --git a/.github/workflows/release-on-comment.yml b/.github/workflows/release-on-comment.yml index cca908aa6..32d221552 100644 --- a/.github/workflows/release-on-comment.yml +++ b/.github/workflows/release-on-comment.yml 
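Review bot: The `contents: write` grant in the first main.yml hunk applies to the whole job, and nothing in the file records which step needs it. Judging from the next hunk, it is there for the "Publish GitHub release notes" step that now uses `github.token`; a comment above the key such as `# contents: write: needed by "Publish GitHub release notes" to create the release` would make that reviewable later. If the same job also installs third-party packages or handles other publishing credentials (not visible here), moving the release-notes step into its own job would keep the write scope away from them. The job body starts and ends outside the hunk.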
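Review bot: With `contents: write` and `pull-requests: write` now granted to the `build` job in prepare-release-pr.yml, the `actions/checkout@v2` step directly below runs under a writable token while still being referenced by a mutable tag. By default actions/checkout also leaves that token in the local git configuration, so the later `tox` steps and anything they install can use it. I would pin the action, `- uses: actions/checkout@<full-commit-sha>  # v2`, and add a short comment that the persisted credential is what the release script pushes with. The rest of the job's steps are outside the hunk.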
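Review bot: Both "Prepare release PR" steps expand `${{ github.token }}` and `${{ github.event.inputs.branch }}` straight into the text of the `run:` script, so the token is written into the generated shell script and the branch input is parsed by the shell before tox ever sees it. Passing both through `env:` and quoting the variables keeps the values out of the script text and treats the branch name as data; the "Prepare release" step in release-on-comment.yml has the same pattern with `${{ github.token }}`. The token would still reach the script as a command-line argument, so having the script read it from the environment would be the fuller fix, but its argument parsing is outside this diff.

```yaml
      - name: Prepare release PR (minor/patch release)
        if: github.event.inputs.major == 'no'
        env:
          BRANCH: ${{ github.event.inputs.branch }}
          GITHUB_TOKEN: ${{ github.token }}
        run: |
          tox -e prepare-release-pr -- "$BRANCH" "$GITHUB_TOKEN"
      # … unchanged: major-release step, with the same env block and --major appended …
```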
@@ -14,7 +14,8 @@ jobs: build: runs-on: ubuntu-latest permissions: - contents: read + contents: write + issues: write if: (github.event.comment && startsWith(github.event.comment.body, '@pytestbot please')) || (github.event.issue && !github.event.comment && startsWith(github.event.issue.body, '@pytestbot please')) @@ -36,4 +37,4 @@ jobs: - name: Prepare release run: | - tox -e release-on-comment -- $GITHUB_EVENT_PATH ${{ secrets.chatops }} + tox -e release-on-comment -- $GITHUB_EVENT_PATH ${{ github.token }} diff --git a/scripts/prepare-release-pr.py b/scripts/prepare-release-pr.py index 5ba174f23..ca5ed411a 100644 --- a/scripts/prepare-release-pr.py +++ b/scripts/prepare-release-pr.py @@ -9,9 +9,8 @@ The appropriate version will be obtained based on the given branch automatically After that, it will create a release using the `release` tox environment, and push a new PR. -**Secret**: currently the secret is defined in the @pytestbot account, -which the core maintainers have access to. There we created a new secret named `chatops` -with write access to the repository. +**Token**: currently the token from the GitHub Actions is used, pushed with +`pytest bot ` commit author. """ import argparse import re diff --git a/scripts/release-on-comment.py b/scripts/release-on-comment.py index f33def3ef..d5996aa40 100644 --- a/scripts/release-on-comment.py +++ b/scripts/release-on-comment.py @@ -23,8 +23,8 @@ Then the appropriate version will be obtained based on the given branch name: After that, it will create a release using the `release` tox environment, and push a new PR. -**Secret**: currently the secret is defined in the @pytestbot account, which the core maintainers -have access to. There we created a new secret named `chatops` with write access to the repository. +**Token**: currently the token from the GitHub Actions is used, pushed with +`pytest bot ` commit author. """ import argparse import json
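Review bot: The `if:` condition on the `build` job in release-on-comment.yml checks only that the comment or issue body starts with `@pytestbot please`, and the job it gates now holds `contents: write` and `issues: write`. Whether the script verifies who wrote the comment is not visible in this diff; if it does not, the job should be gated on the author in the workflow so that it stops before any step runs. For the comment branch that would be `&& contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`, with `github.event.issue.author_association` for the issue branch. A comment next to the condition stating who is allowed to trigger a release would also help.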
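Review bot: The new **Token** paragraph in scripts/prepare-release-pr.py, and the identical one in scripts/release-on-comment.py, no longer says what access the token needs, which the removed text did ("write access to the repository"). I would add a sentence such as `The workflow must grant the token contents: write and pull-requests: write` (`issues: write` for release-on-comment), and mention that pull requests opened with the Actions token do not start other workflow runs, so CI on the release PR may need to be triggered separately. In this view the commit-author text reads `pytest bot ` with nothing after the name; if an address was meant to follow, it should be checked in the file itself.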