From cde4847ef93ef28656821f0b1d53ba012f41cea5 Mon Sep 17 00:00:00 2001 From: Jaroslav Kysela Date: Wed, 1 Apr 2026 16:26:20 +0200 Subject: [PATCH] github: workflow: another permissions fix (token) Signed-off-by: Jaroslav Kysela --- .github/workflows/label-automation.yml | 2 -- .github/workflows/pr-validation.yml | 2 -- .github/workflows/reusable-label-commenter.yml | 6 +----- .github/workflows/reusable-sob-validator.yml | 12 ++++-------- 4 files changed, 5 insertions(+), 17 deletions(-) diff --git a/.github/workflows/label-automation.yml b/.github/workflows/label-automation.yml index 2a77d4c..d6ee04c 100644 --- a/.github/workflows/label-automation.yml +++ b/.github/workflows/label-automation.yml @@ -21,5 +21,3 @@ jobs: uses: ./.github/workflows/reusable-label-commenter.yml with: config-path: '.github/label-descriptions.yml' - secrets: - github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml index 6651653..386c4ce 100644 --- a/.github/workflows/pr-validation.yml +++ b/.github/workflows/pr-validation.yml @@ -25,5 +25,3 @@ jobs: config-path: '.github/label-descriptions.yml' sob-label: 'signed off by' pr-number: ${{ github.event_name == 'workflow_dispatch' && format('{0}', inputs.pr_number) || '' }} - secrets: - github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/reusable-label-commenter.yml b/.github/workflows/reusable-label-commenter.yml index 296e408..ac7638f 100644 --- a/.github/workflows/reusable-label-commenter.yml +++ b/.github/workflows/reusable-label-commenter.yml @@ -8,10 +8,6 @@ on: required: false type: string default: '.github/label-descriptions.yml' - secrets: - github-token: - description: 'GitHub token for API access' - required: false jobs: add-label-comment: @@ -52,7 +48,7 @@ jobs: - name: Handle label action uses: actions/github-script@v7 with: - github-token: ${{ secrets.github-token || secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.GITHUB_TOKEN }} script: | // Get the label and action const label = context.payload.label.name; diff --git a/.github/workflows/reusable-sob-validator.yml b/.github/workflows/reusable-sob-validator.yml index 15a94d1..97cc681 100644 --- a/.github/workflows/reusable-sob-validator.yml +++ b/.github/workflows/reusable-sob-validator.yml @@ -18,10 +18,6 @@ on: required: false type: string default: '' - secrets: - github-token: - description: 'GitHub token for API access' - required: false jobs: validate-signedoff: @@ -81,7 +77,7 @@ jobs: id: validate uses: actions/github-script@v7 with: - github-token: ${{ secrets.github-token || secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.GITHUB_TOKEN }} script: | // Parse config from JSON const config = JSON.parse(process.env.CONFIG_JSON); @@ -187,7 +183,7 @@ jobs: if: steps.validate.outputs.has_issues == 'true' uses: actions/github-script@v7 with: - github-token: ${{ secrets.github-token || secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.GITHUB_TOKEN }} script: | await github.rest.issues.addLabels({ owner: context.repo.owner, @@ -200,7 +196,7 @@ jobs: if: steps.validate.outputs.has_issues == 'true' uses: actions/github-script@v7 with: - github-token: ${{ secrets.github-token || secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.GITHUB_TOKEN }} script: | const commentId = ''; const issues = process.env.SOB_ISSUES; @@ -253,7 +249,7 @@ jobs: uses: actions/github-script@v7 continue-on-error: true with: - github-token: ${{ secrets.github-token || secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.GITHUB_TOKEN }} script: | const prNumber = parseInt('${{ steps.pr-number.outputs.number }}', 10); const labelName = '${{ inputs.sob-label }}'; -- 2.52.0