From 6abd1b1e31b31683c0ec58bb2cf00638203a1fc0 Mon Sep 17 00:00:00 2001
From: maleo
Date: Tue, 31 Oct 2023 10:28:06 +0000
Subject: [PATCH] Use job token where possible

It's possible if you set permissions packages:write and specify the image name explicitly
---
 .github/workflows/test.yml | 15 +++++++++------
 README.md | 10 +++++-----
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index dbc1018..601b7ce 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -5,6 +5,9 @@ on:
 pull_request:
 branches: [ main ]
 concurrency: testing
+permissions:
+ contents: read
+ packages: write
 jobs:
 add_temp_pkgs1:
 name: Add temporary packages for testing
@@ -21,7 +24,7 @@ jobs:
 uses: docker/login-action@v2
 with:
 registry: ghcr.io
- username: ${{ github.actor }}
+ username: ${{ github.repository_owner }}
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: lower case repository
 id: lower_case_repository
@@ -54,7 +57,7 @@ jobs:
 uses: docker/login-action@v2
 with:
 registry: ghcr.io
- username: ${{ github.actor }}
+ username: ${{ github.repository_owner }}
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: lower case repository
 id: lower_case_repository
@@ -80,12 +83,12 @@ jobs:
 - uses: actions/checkout@v3
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v2
- - name: Login to GitHub Container Registry with PAT_TOKEN
+ - name: Login to GitHub Container Registry
 uses: docker/login-action@v2
 with:
 registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.PAT_TOKEN }}
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - uses: ./
 with:
 token: ${{ secrets.PAT_TOKEN }}
@@ -118,7 +121,7 @@ jobs:
 - uses: actions/checkout@v3
 - uses: ./
 with:
- token: ${{ secrets.PAT_TOKEN }}
+ token: ${{ secrets.GITHUB_TOKEN }}
 repository_owner: ${{ github.repository_owner }}
 repository: ${{ github.repository }}
 package_name: ${{ github.repository }}/p1
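Review bot: `packages: write` is granted at workflow level in the added `permissions:` block, so every job in this file receives a registry-write job token, including the job that still authenticates the action with `secrets.PAT_TOKEN` and any job that never touches ghcr.io. Least privilege would keep the top-level block at `contents: read` and add `permissions:` with `contents: read` and `packages: write` only under the jobs that log in or delete with `secrets.GITHUB_TOKEN`. The workflow also runs on `pull_request`, where a pull request from a fork normally gets a read-only token regardless of this block, so the push and delete steps would fail there. A short comment above the block saying which jobs need the write scope, and that fork PRs are not expected to pass, would make that explicit. The job definitions themselves lie mostly outside this hunk, so which jobs need the scope should be confirmed against the full file.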
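Review bot: In the hunk at `@@ -80,12 +83,12 @@`, the `- uses: ./` step directly after the renamed login step still passes `token: ${{ secrets.PAT_TOKEN }}`, so this job now mixes the job token and a personal access token, and nothing in the file says why. The commit message suggests the job token only works when the package name is given explicitly, which is presumably why the PAT stays here; the step's remaining inputs are outside the hunk, so this is inferred. If so, a comment above that line such as `# PAT still needed here: GITHUB_TOKEN only works when package_name is set explicitly` would stop a later cleanup from either breaking the job or leaving the longer-lived credential in place without reason. It would also help to note next to it the minimum scopes the PAT needs, since it is the broader of the two credentials.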
diff --git a/README.md b/README.md
index 2d82bcf..14662a0 100644
--- a/README.md
+++ b/README.md
@@ -129,7 +129,7 @@ delete all / untagged ghcr containers in a repository
 - name: Delete all containers from package without tags
 uses: Chizkiyahu/delete-untagged-ghcr-action@v2
 with:
- token: ${{ secrets.PAT_TOKEN }}
+ token: ${{ github.token }}
 repository_owner: ${{ github.repository_owner }}
 repository: ${{ github.repository }}
 package_name: the-package-name
@@ -145,12 +145,12 @@ delete all / untagged ghcr containers in a repository
 uses: docker/login-action@v2
 with:
 registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.PAT_TOKEN }}
+ username: ${{ github.repository_owner }}
+ password: ${{ github.token }}
 - name: Delete all containers from package without tags
 uses: Chizkiyahu/delete-untagged-ghcr-action@v2
 with:
- token: ${{ secrets.PAT_TOKEN }}
+ token: ${{ github.token }}
 repository_owner: ${{ github.repository_owner }}
 repository: ${{ github.repository }}
 package_name: the-package-name
@@ -164,7 +164,7 @@ delete all / untagged ghcr containers in a repository
 - name: Delete all containers from package
 uses: Chizkiyahu/delete-untagged-ghcr-action@v2
 with:
- token: ${{ secrets.PAT_TOKEN }}
+ token: ${{ github.token }}
 repository_owner: ${{ github.repository_owner }}
 repository: ${{ github.repository }}
 package_name: the-package-name