diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index a162bf78f..5bdfdb578 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -16,7 +16,8 @@ on: types: - released - +permissions: + contents: read jobs: prepare: @@ -28,8 +29,6 @@ jobs: steps: - uses: actions/checkout@v4 - with: - token: ${{ secrets.ACCESS_TOKEN }} - name: Find Latest Tag id: latest_tag @@ -55,7 +54,6 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - token: ${{ secrets.ACCESS_TOKEN }} - name: Configurating Git run: | diff --git a/.github/workflows/merge-dev.yml b/.github/workflows/merge-dev.yml index 5de7d0ea5..2555efc36 100644 --- a/.github/workflows/merge-dev.yml +++ b/.github/workflows/merge-dev.yml @@ -59,4 +59,3 @@ jobs: with: tag: ${{ needs.prepare.outputs.version }} message: ${{ github.event.head_commit.message }} - github_token: ${{ secrets.ACCESS_TOKEN }} diff --git a/.github/workflows/merge-master.yml b/.github/workflows/merge-master.yml index d9e8b7eb0..4389f71cb 100644 --- a/.github/workflows/merge-master.yml +++ b/.github/workflows/merge-master.yml @@ -27,13 +27,9 @@ jobs: steps: - uses: actions/checkout@v4 - with: - token: ${{ secrets.ACCESS_TOKEN }} - uses: cycjimmy/semantic-release-action@v3 id: semantic - env: - GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} with: branch: master dry_run: true @@ -58,8 +54,6 @@ jobs: steps: - uses: ydataai/create-tag@v1.0.0 - env: - GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} with: tag: ${{ needs.prepare.outputs.version }} message: ${{ github.event.head_commit.message }} @@ -77,13 +71,9 @@ jobs: steps: - name: Delete Previous drafts uses: hugo19941994/delete-draft-releases@v1.0.1 - env: - GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} - name: Create Draft Release uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} with: tag_name: ${{ needs.prepare.outputs.release }} release_name: ${{ needs.prepare.outputs.release }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index c66e0317c..c79843abf 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -6,6 +6,9 @@ on: - renovate/** pull_request: +permissions: + contents: write + jobs: commitlint: name: Lint commit message @@ -81,7 +84,6 @@ jobs: if: always() && steps.commit.outputs.CHANGES == 'true' with: branch: ${{ github.head_ref }} - github_token: ${{ secrets.ACCESS_TOKEN }} validate-docs: name: Validate Docs diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1a9e1207b..97dac3f59 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,6 +6,8 @@ on: types: - released +permissions: + contents: write jobs: package: @@ -66,7 +68,7 @@ jobs: - uses: AButler/upload-release-assets@v3.0 with: files: "dist/*" - repo-token: ${{ secrets.ACCESS_TOKEN }} + repo-token: ${{ secrets.GITHUB_TOKEN }} release-tag: ${{ needs.package.outputs.version }} publish-pypi: diff --git a/.github/workflows/sonarqube.yaml b/.github/workflows/sonarqube.yaml deleted file mode 100644 index a2edbdb83..000000000 --- a/.github/workflows/sonarqube.yaml +++ /dev/null @@ -1,31 +0,0 @@ -name: SonarQube - - - -on: - push: - branches: - - master - - - -jobs: - sonarqube: - name: SonarQube - runs-on: - - ubuntu-24.04 - - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: SonarQube file - run: | - echo "sonar.projectKey=${{ github.event.repository.name }}" > sonar-project.properties - - - name: SonarQube Scan - uses: sonarsource/sonarqube-scan-action@v5.0.0 - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml index 01ce3966d..714ff0e05 100644 --- a/.github/workflows/triage.yml +++ b/.github/workflows/triage.yml @@ -20,5 +20,5 @@ jobs: uses: andymckay/labeler@master with: add-labels: "needs-triage" - repo-token: ${{ secrets.ACCESS_TOKEN }} + repo-token: ${{ secrets.GITHUB_TOKEN }} ignore-if-labeled: true