From 937c99026896c423727301d06d6b825d73bcbf94 Mon Sep 17 00:00:00 2001
From: Qi
Date: Thu, 7 Mar 2024 13:37:15 +0800
Subject: [PATCH] chore(CI): fix the workflow that comments the docker image on the commit (#12693)
Replace `${{ secrets.GHA_COMMENT_TOKEN }}` with `${{ secrets.GITHUB_TOKEN }}`. The `${{ secrets.GHA_COMMENT_TOKEN }}` needs to be manually rotated, replacing it by `${{ secrets.GITHUB_TOKEN }}`, which is generated by each run of the workflow, so we don't need to rotate token anymore.
---
 .github/workflows/release.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a90233306b1..896f9e151c0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -42,6 +42,7 @@ env:
 HAS_ACCESS_TO_GITHUB_TOKEN: ${{ github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]') }}
+
 jobs:
 metadata:
 name: Metadata
@@ -306,6 +307,10 @@ jobs:
 needs: [metadata, build-packages]
 runs-on: ubuntu-22.04
+ permissions:
+ # create comments on commits for docker images needs the `write` permission
+ contents: write
+
 strategy:
 fail-fast: false
 matrix:
@@ -393,7 +398,7 @@ jobs:
 uses: peter-evans/commit-comment@5a6f8285b8f2e8376e41fe1b563db48e6cf78c09 # v3.0.0
 continue-on-error: true # TODO: temporary fix until the token is back
 with:
- token: ${{ secrets.GHA_COMMENT_TOKEN }}
+ token: ${{ secrets.GITHUB_TOKEN }}
 body: |
 ### Bazel Build Docker image available
 `${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}`
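Review bot: The `permissions:` block added in the second hunk is job-level, so `contents: write` is handed to every step of this job rather than only to the commit-comment step, and every scope not listed there drops to `none`. The rest of the job lies outside the hunk, so it is worth confirming that no other step relied on a default scope, and that the build steps and the third-party actions they call are acceptable holders of a token that can write to the repository. If they are not, the comment step could live in its own small job that `needs:` this one and carries the grant alone. At minimum the comment could state the scope: `# job-level: applies to every step in this job; scopes not listed here become none`.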
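Review bot: In the third hunk, `continue-on-error: true # TODO: temporary fix until the token is back` stays on the step although the token it refers to is replaced here, so a failed comment is still swallowed silently and the TODO no longer describes why. With `secrets.GITHUB_TOKEN` the step can fail for a different reason: on pull requests from forks the token is normally read-only whatever the `permissions:` block says, and the `HAS_ACCESS_TO_GITHUB_TOKEN` expression in the first hunk suggests this workflow does run on pull requests. The step begins outside the hunk, so whether an `if:` already guards it cannot be seen from here. Either drop `continue-on-error`, or keep it with a comment that matches the new situation, e.g. `continue-on-error: true # best-effort: GITHUB_TOKEN is read-only on fork PRs`.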