Skip to content

Commit

Permalink
ci: enhance AutoGenerator workflow with secure token use
Browse files Browse the repository at this point in the history 
- Remove `pull-requests` permission from the workflow
- Change `GH_TOKEN` environment variable to use `secrets.CR_PAT` instead of `github.token`

Signed-off-by: 陳鈞 <[email protected]>
  • Loading branch information
@jim60105
jim60105 committed Oct 20, 2024
1 parent 94e28a2 commit b61b311
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/AutoGenerator.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ on:
workflow_dispatch:

permissions:
pull-requests: write
contents: write

jobs:
Expand Down Expand Up @@ -47,7 +46,8 @@ jobs:

- name: Create or Update Pull Request
env:
GH_TOKEN: ${{ github.token }}
# Use CR_PAT to trigger another workflow
GH_TOKEN: ${{ secrets.CR_PAT }}
run: |
gh_pr_up() {
gh pr create "$@" || gh pr edit "$@"
Expand Down

0 comments on commit b61b311

Please sign in to comment.