Skip to content

Commit

Permalink
Switch back to GITHUB_TOKEN, but specify permissions
Browse files Browse the repository at this point in the history
  • Loading branch information
PlasmaPower committed Jul 10, 2024
1 parent d2e3034 commit aae1ea8
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions .github/workflows/trigger-merge-checks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ on:
branches: [ master ]
types: [synchronize, opened, reopened, labeled, unlabeled]

permissions:
actions: write
checks: read

jobs:
check-design-approved:
name: Check Design Approved Status
Expand All @@ -16,7 +20,7 @@ jobs:
curl -sSL --fail-with-body \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.NITRO_CI_HELPER_WORKFLOWS }}" \
-H "Authorization: Bearer $GITHUB_TOKEN" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/$GITHUB_REPOSITORY/actions/workflows/merge-checks.yml/dispatches \
-d '{"ref":"$GITHUB_BASE_REF"}'
Expand All @@ -26,7 +30,7 @@ jobs:
set -x pipefail
if curl -sSL --fail-with-body \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.NITRO_CI_HELPER_RO }}" \
-H "Authorization: Bearer $GITHUB_TOKEN" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/$GITHUB_REPOSITORY/commits/$GITHUB_SHA/check-runs \
| jq -e '.check_runs | .[] | select(.name == "Design Approved Check")' >/dev/null
Expand All @@ -35,7 +39,7 @@ jobs:
curl -sSL --fail-with-body \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.NITRO_CI_HELPER_WORKFLOWS }}" \
-H "Authorization: Bearer $GITHUB_TOKEN" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/$GITHUB_REPOSITORY/actions/workflows/merge-checks.yml/dispatches \
-d '{"ref":"$GITHUB_BASE_REF"}'
Expand Down

0 comments on commit aae1ea8

Please sign in to comment.