Use fine-grained access tokens instead of GITHUB_TOKEN

OffchainLabs · Jul 10, 2024 · cafd584 · cafd584
1 parent 49b5dff
commit cafd584
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/.github/workflows/trigger-merge-checks.yml b/.github/workflows/trigger-merge-checks.yml
@@ -16,7 +16,7 @@ jobs:
           curl -sSL --fail-with-body \
             -X POST \
             -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer $GITHUB_TOKEN" \
+            -H "Authorization: Bearer ${{ secrets.NITRO_CI_HELPER_WORKFLOWS }}" \
             -H "X-GitHub-Api-Version: 2022-11-28" \
             https://api.github.com/repos/$GITHUB_REPOSITORY/actions/workflows/merge-checks.yml/dispatches \
             -d '{"ref":"$GITHUB_BASE_REF"}'
@@ -26,7 +26,7 @@ jobs:
           set -x pipefail
           if curl -sSL --fail-with-body \
               -H "Accept: application/vnd.github+json" \
-              -H "Authorization: Bearer $GITHUB_TOKEN" \
+              -H "Authorization: Bearer ${{ secrets.NITRO_CI_HELPER_RO }}" \
               -H "X-GitHub-Api-Version: 2022-11-28" \
               https://api.github.com/repos/$GITHUB_REPOSITORY/commits/$GITHUB_SHA/check-runs \
             | jq -e '.check_runs.[] | select(.name == "Design Approved Check")' >/dev/null
@@ -35,7 +35,7 @@ jobs:
             curl -sSL --fail-with-body \
               -X POST \
               -H "Accept: application/vnd.github+json" \
-              -H "Authorization: Bearer $GITHUB_TOKEN" \
+              -H "Authorization: Bearer ${{ secrets.NITRO_CI_HELPER_WORKFLOWS }}" \
               -H "X-GitHub-Api-Version: 2022-11-28" \
               https://api.github.com/repos/$GITHUB_REPOSITORY/actions/workflows/merge-checks.yml/dispatches \
               -d '{"ref":"$GITHUB_BASE_REF"}'