diff --git a/.github/workflows/alpha-release.yml b/.github/workflows/alpha-release.yml index 53e451ba..bca6f777 100644 --- a/.github/workflows/alpha-release.yml +++ b/.github/workflows/alpha-release.yml @@ -23,6 +23,7 @@ jobs: runs-on: ubuntu-latest permissions: id-token: write + contents: write if: | github.repository == 'carbon-design-system/carbon-for-ai' timeout-minutes: 60 diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index 4c4e503b..30126527 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -18,5 +18,4 @@ jobs: with: type: now target_branch: 'main' - env: - GITHUB_TOKEN: ${{secrets.MERGE_ACTION}} + github_token: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e7eab509..822c152c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,6 +29,9 @@ on: jobs: release: runs-on: ubuntu-latest + permissions: + id-token: write + contents: write if: | github.repository == 'carbon-design-system/carbon-for-ai' && startsWith(github.ref_name, 'release/') @@ -61,6 +64,9 @@ jobs: with: version: ${{ github.event.inputs.version }} git-tag-version: ${{ github.event.inputs.dry-run != 'true' }} + - name: Push git tags + if: github.event.inputs.dry-run == 'false' + run: git push && git push --tags # Dry run of preminor - name: Preminor dry-run if: | @@ -74,7 +80,7 @@ jobs: github.event.inputs.type == 'preminor' && github.event.inputs.dry-run == 'false' run: | - npm publish --access=public --tag next + npm publish --provenance --access=public --tag next # Dry run of minor - name: Minor dry-run if: | @@ -88,4 +94,4 @@ jobs: github.event.inputs.type == 'minor' && github.event.inputs.dry-run == 'false' run: | - npm publish --access=public --tag latest + npm publish --provenance --access=public --tag latest