From d004704af2461cb9a4e76985fc9c4395901439d0 Mon Sep 17 00:00:00 2001 From: Szymon Szyszkowski Date: Fri, 19 Jul 2024 14:18:06 +0100 Subject: [PATCH] ci(release): use github app token for tag push --- .github/workflows/release.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b92300b8d..4eb48b992 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -34,6 +34,7 @@ jobs: fetch-depth: 0 repository: opentargets/gentropy token: ${{ secrets.GITHUB_TOKEN }} + persist-credentials: false - name: Python Semantic Release id: semrelease @@ -41,7 +42,7 @@ jobs: # breaks the poetry build command. uses: python-semantic-release/python-semantic-release@v9.6.0 with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.trigger-token.outputs.token }} - name: Publish package to GitHub Release uses: python-semantic-release/upload-to-gh-release@main @@ -51,7 +52,7 @@ jobs: # requires using GH_APP to authenitcate, otherwise push authorised with # the GITHUB_TOKEN does not trigger the tag artifact workflow. # see https://github.com/actions/create-github-app-token - github_token: ${{ steps.trigger-token.outputs.token }} + github_token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.semrelease.outputs.tag }} - name: Store the distribution packages