From a765a59a568dd5d62e5637a2864e1d6a6038ede3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Max=20Str=C3=BCbing?= Date: Fri, 20 Dec 2024 12:37:07 +0000 Subject: [PATCH] ci: set workflow permissions for release job We had the issue that the github action wasnt able to push tags to github. This should fix the issue ref: #1828 --- .github/workflows/release.yml | 95 ++++++++++++++++++----------------- 1 file changed, 49 insertions(+), 46 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bc1464fe24..4ff55128b7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,51 +1,54 @@ name: Release +permissions: + contents: write + on: - workflow_dispatch: - inputs: - releaseVersion: - type: string - required: true - description: The version of this release. Must be a semantic version of the form X.Y.Z. - dry_run: - type: boolean - required: true - default: false - description: Dry run, will not push branches or upload the artifacts. - skip_tag: - type: boolean - required: true - default: false - description: If true, don't tag this release, just push it. + workflow_dispatch: + inputs: + releaseVersion: + type: string + required: true + description: The version of this release. Must be a semantic version of the form X.Y.Z. + dry_run: + type: boolean + required: true + default: false + description: Dry run, will not push branches or upload the artifacts. + skip_tag: + type: boolean + required: true + default: false + description: If true, don't tag this release, just push it. jobs: - release: - runs-on: ubuntu-latest - environment: production - steps: - - name: Checkout Javascript - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: '20' - registry-url: 'https://registry.npmjs.org' - - name: Install dependencies - run: npm install - - name: Package - run: ./build-package.sh - - name: Upload pre-release - if: ${{ github.event.inputs.dry_run != 'true' }} - run: npm publish --tag next - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} - - name: Tag release - if: ${{ github.event.inputs.skip_tag != 'true' }} - run: | - git config --global user.name 'Github Bot' - git config --global user.email '<>' - git tag ${{ github.events.inputs.version }} - - name: Push tag - if: ${{ github.event.inputs.dry_run != 'true' }} - run: | - git push ${{ github.events.inputs.version }} + release: + runs-on: ubuntu-latest + environment: production + steps: + - name: Checkout Javascript + uses: actions/checkout@v4 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: '20' + registry-url: 'https://registry.npmjs.org' + - name: Install dependencies + run: npm install + - name: Package + run: ./build-package.sh + - name: Upload pre-release + if: ${{ github.event.inputs.dry_run != 'true' }} + run: npm publish --tag next + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} + - name: Tag release + if: ${{ github.event.inputs.skip_tag != 'true' }} + run: | + git config --global user.name 'Github Bot' + git config --global user.email '<>' + git tag ${{ github.events.inputs.version }} + - name: Push tag + if: ${{ github.event.inputs.dry_run != 'true' }} + run: | + git push ${{ github.events.inputs.version }}