
Commit b126d9a

committed
chore(release): separate out comment step
This helps me scope the permissions more narrowly.
1 parent 85e7ec9 commit b126d9a

4 files changed

Lines changed: 10 additions & 2 deletions


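--- a/.github/scripts/upsert-release-pr.sh
+++ b/.github/scripts/upsert-release-pr.sh
@@ -38,5 +38,3 @@ else
 --title "chore(release): ${release_version}" \
 --body-file "${body_file}"
 fi
-
-gh issue comment "${ISSUE_NUMBER}" --body "Prepared release PR for ${tag_name} targeting ${target_branch}."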

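--- a/.github/workflows/release-branch.yml
+++ b/.github/workflows/release-branch.yml
@@ -38,6 +38,7 @@ jobs:
 private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}
 owner: ${{ github.repository_owner }}
 repositories: ${{ github.event.repository.name }}
+permission-contents: write
 
 - name: Create branch
 env: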
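Review bot: `permission-contents: write` is added without a comment recording why it is the only permission requested. Assuming this step is the GitHub App token action (its `uses:` line is outside the hunk), setting any `permission-*` input limits the minted token to the listed permissions, so every later step that reads this token can only do contents writes. The hunk does not show which steps consume the token, and the `Create branch` step continues past it, so each consumer is worth confirming. A one-line comment above the input would keep the intent visible, e.g. `# Least privilege: token only needs to push refs; add further permission-* inputs if a later step needs more.` The same one-line change appears in release-publish.yml and this note applies there too.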

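--- a/.github/workflows/release-prepare.yml
+++ b/.github/workflows/release-prepare.yml
@@ -49,6 +49,8 @@ jobs:
 private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}
 owner: ${{ github.repository_owner }}
 repositories: ${{ github.event.repository.name }}
+permission-contents: write
+permission-pull-requests: write
 
 - name: Prepare release branch
 id: release
@@ -71,6 +73,12 @@ jobs:
 "${{ steps.release.outputs.tag_name }}" \
 2>&1 | tee -a "${RUNNER_TEMP}/release-prepare.log"
 
+- name: Comment on prepared release
+run: >
+gh issue comment "${ISSUE_NUMBER}"
+--body "Prepared release PR for ${{ steps.release.outputs.tag_name }}
+targeting ${{ steps.release.outputs.target_branch }}."
+
 - name: Comment on failure
 if: failure()
 env: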
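Review bot: The new `Comment on prepared release` step expands `${{ steps.release.outputs.tag_name }}` and `${{ steps.release.outputs.target_branch }}` directly inside the `run:` script, so their values become shell source before any shell quoting applies; the line removed from upsert-release-pr.sh used the shell variables `${tag_name}` and `${target_branch}` and did not have that property. If either output can be influenced by the triggering issue (not visible in this hunk), quoting or substitution characters in it would be interpreted by the runner shell. Passing both through `env:` and referencing them as shell variables keeps them as data, as in the fence below. The step also declares no `env:` of its own, so `ISSUE_NUMBER` and the token `gh` uses must come from job- or workflow-level env outside this hunk; it is worth confirming that this token can still comment on issues now that the app token is narrowed to contents and pull-requests.

```yaml
- name: Comment on prepared release
  env:
    TAG_NAME: ${{ steps.release.outputs.tag_name }}
    TARGET_BRANCH: ${{ steps.release.outputs.target_branch }}
  # … unchanged: run: > and the gh issue comment "${ISSUE_NUMBER}" line …
    --body "Prepared release PR for ${TAG_NAME}
    targeting ${TARGET_BRANCH}."
```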

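--- a/.github/workflows/release-publish.yml
+++ b/.github/workflows/release-publish.yml
@@ -41,6 +41,7 @@ jobs:
 private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}
 owner: ${{ github.repository_owner }}
 repositories: ${{ github.event.repository.name }}
+permission-contents: write
 
 - name: Publish release
 env: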
