From cd06854945a24eb74971383d11f43be8dccd4f98 Mon Sep 17 00:00:00 2001
From: Lachlan Collins <1667261+lachlancollins@users.noreply.github.com>
Date: Tue, 17 Mar 2026 22:26:08 +1100
Subject: [PATCH 1/4] ci: try fixing permissions
---
 .github/changeset-preview/action.yml | 3 ---
 .github/changeset-preview/upsert-pr-comment.mjs | 2 +-
 .github/comment-on-release/action.yml | 2 --
 3 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/.github/changeset-preview/action.yml b/.github/changeset-preview/action.yml
index 0248f810..40759266 100644
--- a/.github/changeset-preview/action.yml
+++ b/.github/changeset-preview/action.yml
@@ -17,6 +17,3 @@ runs:
 --pr "${{ github.event.number }}" \
 --body-file /tmp/changeset-preview.md \
 --marker ""
- env:
- REPOSITORY: ${{ github.repository }}
- GH_TOKEN: ${{ github.token }}
diff --git a/.github/changeset-preview/upsert-pr-comment.mjs b/.github/changeset-preview/upsert-pr-comment.mjs
index cb914c6c..1427cdc8 100644
--- a/.github/changeset-preview/upsert-pr-comment.mjs
+++ b/.github/changeset-preview/upsert-pr-comment.mjs
@@ -26,7 +26,7 @@ function parseArgs(argv) {
 bodyFile: values['body-file'],
 repo: values.repo ?? process.env.GITHUB_REPOSITORY,
 marker: values.marker ?? DEFAULT_MARKER,
- token: values.token ?? (process.env.GITHUB_TOKEN || process.env.GH_TOKEN),
+ token: values.token ?? process.env.GITHUB_TOKEN,
 apiUrl: values['api-url'] ?? (process.env.GITHUB_API_URL || 'https://api.github.com'),
diff --git a/.github/comment-on-release/action.yml b/.github/comment-on-release/action.yml
index 4b134a9d..339ec325 100644
--- a/.github/comment-on-release/action.yml
+++ b/.github/comment-on-release/action.yml
@@ -12,5 +12,3 @@ runs:
 run: node ${{ github.action_path }}/comment-on-release.ts
 env:
 PUBLISHED_PACKAGES: ${{ inputs.published-packages }}
- REPOSITORY: ${{ github.repository }}
- GH_TOKEN: ${{ github.token }}
From e8915f729b38f5772df077f3eda75894727537a9 Mon Sep 17 00:00:00 2001
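Review bot: On the new `token:` line in `upsert-pr-comment.mjs`, nothing in the hunk rejects a missing token: `values.token ?? process.env.GITHUB_TOKEN` evaluates to `undefined` when neither is set, and this patch also deletes the `env:` block in `.github/changeset-preview/action.yml` that used to supply `GH_TOKEN`. parseArgs starts and ends outside the hunk, so a check may exist that I cannot see; if it does not, fail early with a clear message, for example `if (!token) throw new Error('GITHUB_TOKEN or --token is required')`, so that an unauthenticated request is never sent. A token passed as `--token` is visible in the process arguments, so a short comment recommending the environment variable would help callers.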
From: Lachlan Collins <1667261+lachlancollins@users.noreply.github.com>
Date: Tue, 17 Mar 2026 22:30:33 +1100
Subject: [PATCH 2/4] Try this
---
 .github/changeset-preview/action.yml | 2 ++
 .github/comment-on-release/action.yml | 1 +
 packages/publish-config/src/index.js | 2 +-
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/changeset-preview/action.yml b/.github/changeset-preview/action.yml
index 40759266..44661b97 100644
--- a/.github/changeset-preview/action.yml
+++ b/.github/changeset-preview/action.yml
@@ -17,3 +17,5 @@ runs:
 --pr "${{ github.event.number }}" \
 --body-file /tmp/changeset-preview.md \
 --marker ""
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/comment-on-release/action.yml b/.github/comment-on-release/action.yml
index 339ec325..4c90d5ab 100644
--- a/.github/comment-on-release/action.yml
+++ b/.github/comment-on-release/action.yml
@@ -12,3 +12,4 @@ runs:
 run: node ${{ github.action_path }}/comment-on-release.ts
 env:
 PUBLISHED_PACKAGES: ${{ inputs.published-packages }}
+ GITHUB_TOKEN: ${{ github.token }}
diff --git a/packages/publish-config/src/index.js b/packages/publish-config/src/index.js
index dc295cc3..fe0b0980 100644
--- a/packages/publish-config/src/index.js
+++ b/packages/publish-config/src/index.js
@@ -487,7 +487,7 @@ export const publish = async (options) => {
 `gh release create v${version} ${ branchConfig.prerelease ? '--prerelease' : '' } --notes '${changelogMd.replace(/'/g, '"')}'`,
- { env: { ...process.env, GH_TOKEN: ghToken } },
+ { env: process.env },
 )
 console.info(' Github release created.')
 }
From 45f116f6a4c3eacb42921219d3ea3500d4e88a15 Mon Sep 17 00:00:00 2001
From: Lachlan Collins <1667261+lachlancollins@users.noreply.github.com>
Date: Tue, 17 Mar 2026 22:36:01 +1100
Subject: [PATCH 3/4] Undo a change
---
 packages/publish-config/src/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
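Review bot: The new `env:` entry `GITHUB_TOKEN: ${{ github.token }}` in `.github/changeset-preview/action.yml` (and the same line added to `.github/comment-on-release/action.yml`) does not say which permission the token needs. An action cannot declare `permissions` itself, so the calling workflow has to grant write access for comments, and for pull requests from forks the default token is normally read-only. I would add a comment above the entry such as `# caller must grant pull-requests: write; token is read-only on fork PRs`, with the exact scope confirmed against the API calls the scripts make.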
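Review bot: The options argument changed in `packages/publish-config/src/index.js` belongs to a call that runs `gh release create` from one interpolated shell string, and the safety of `--notes '…'` rests entirely on `changelogMd.replace(/'/g, '"')`, which also rewrites every apostrophe in the published notes. `v${version}` is interpolated with no quoting at all. Passing the arguments as an array to a non-shell exec call, or feeding the notes on stdin with `--notes-file -`, would remove the dependence on quoting; the call starts outside the hunk, so which exec helper is used is not visible. The same lines appear as context in the index.js hunk of PATCH 3/4.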
diff --git a/packages/publish-config/src/index.js b/packages/publish-config/src/index.js
index fe0b0980..dc295cc3 100644
--- a/packages/publish-config/src/index.js
+++ b/packages/publish-config/src/index.js
@@ -487,7 +487,7 @@ export const publish = async (options) => {
 `gh release create v${version} ${ branchConfig.prerelease ? '--prerelease' : '' } --notes '${changelogMd.replace(/'/g, '"')}'`,
- { env: process.env },
+ { env: { ...process.env, GH_TOKEN: ghToken } },
 )
 console.info(' Github release created.')
 }
From cc310239edf2101458c1c65c1e668cb3a130f293 Mon Sep 17 00:00:00 2001
From: Lachlan Collins <1667261+lachlancollins@users.noreply.github.com>
Date: Tue, 17 Mar 2026 22:36:50 +1100
Subject: [PATCH 4/4] Explicit secrets
---
 .github/changeset-preview/action.yml | 2 +-
 .github/comment-on-release/action.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/changeset-preview/action.yml b/.github/changeset-preview/action.yml
index 44661b97..5f348907 100644
--- a/.github/changeset-preview/action.yml
+++ b/.github/changeset-preview/action.yml
@@ -18,4 +18,4 @@ runs:
 --body-file /tmp/changeset-preview.md \
 --marker ""
 env:
- GITHUB_TOKEN: ${{ github.token }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/comment-on-release/action.yml b/.github/comment-on-release/action.yml
index 4c90d5ab..d9756c6b 100644
--- a/.github/comment-on-release/action.yml
+++ b/.github/comment-on-release/action.yml
@@ -12,4 +12,4 @@ runs:
 run: node ${{ github.action_path }}/comment-on-release.ts
 env:
 PUBLISHED_PACKAGES: ${{ inputs.published-packages }}
- GITHUB_TOKEN: ${{ github.token }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
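Review bot: `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in `.github/changeset-preview/action.yml` will not resolve if this file is a composite action, which the `run:` step and the use of `github.action_path` in the sibling hunk suggest: the `secrets` context is not available inside composite actions, and the run typically fails with an unrecognized named-value error. The previous `${{ github.token }}` is the form that works there; the alternative is to declare a `token` input with `default: ${{ github.token }}` and read `${{ inputs.token }}`. The second hunk, in `.github/comment-on-release/action.yml`, has the same line. The step definitions start outside both hunks, so the action type should be confirmed before merging.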