fix: package permission on action (#1072)

Co-authored-by: Dustin Deus <deusdustin@gmail.com>
wundergraph · Aug 14, 2024 · 0a3e1fd · 0a3e1fd
1 parent f17f15c
commit 0a3e1fd
Show file tree

Hide file tree

Showing 10 changed files with 14 additions and 54 deletions.
diff --git a/.github/actions/helm-release/action.yaml b/.github/actions/helm-release/action.yaml
@@ -23,10 +23,6 @@ inputs:
     required: true
     type: string
 
-permissions:
-  contents: read
-  packages: write
-
 runs:
   using: composite
   steps:

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -88,7 +88,7 @@ jobs:
         exit 1
 
     - name: Perform CodeQL Analysis
-      if: "(github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release-please--')) || (github.event_name == 'pull_request' && !startsWith(github.head_ref, 'release-please--'))"
+      if: (github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release-please--')) || (github.event_name == 'pull_request' && !startsWith(github.head_ref, 'release-please--'))
       uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/helm-ci.yaml b/.github/workflows/helm-ci.yaml
@@ -1,16 +1,9 @@
 name: Helm CI
 on:
-  push:
-    branches-ignore:
-      - "release-please--**"
   pull_request:
     paths:
       - "helm/**/*"
       - ".github/workflows/helm-ci.yaml"
-      # do not trigger on what usually the release-please bot would do
-      # otherwise this is triggered also on pull requests from the bot
-      - "helm/**/CHANGELOG.md"
-      - "helm/**/Chart.yaml"
 
 concurrency:
   group: ${{github.workflow}}-${{github.head_ref}}
@@ -48,5 +41,5 @@ jobs:
         working-directory: ./helm
 
       - name: Check if git is not dirty after generating files
-        if: "(github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release-please--')) || (github.event_name == 'pull_request' && !startsWith(github.head_ref, 'release-please--'))"
+        if: (github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release-please--')) || (github.event_name == 'pull_request' && !startsWith(github.head_ref, 'release-please--'))
         run: git diff --no-ext-diff --exit-code ./helm
diff --git a/.github/workflows/helm-deployment.yaml b/.github/workflows/helm-deployment.yaml
@@ -1,16 +1,9 @@
 name: Helm Deployment
 on:
-  push:
-    branches-ignore:
-      - "release-please--**"
   pull_request:
     paths:
       - "helm/**/*"
       - ".github/workflows/helm-ci.yaml"
-      # do not trigger on what usually the release-please bot would do
-      # otherwise this is triggered also on pull requests from the bot
-      - "helm/**/CHANGELOG.md"
-      - "helm/**/Chart.yaml"
 
 concurrency:
   group: ${{github.workflow}}-${{github.head_ref}}
@@ -50,13 +43,13 @@ jobs:
           kbld version
 
       - name: start minikube
-        if: "(github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release-please--')) || (github.event_name == 'pull_request' && !startsWith(github.head_ref, 'release-please--'))"
+        if: github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release-please--')
         id: minikube
         uses: medyagh/setup-minikube@v0.0.14
         with:
           addons: ingress
 
       - name: Deploy to minikube
-        if: "(github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release-please--')) || (github.event_name == 'pull_request' && !startsWith(github.head_ref, 'release-please--'))"
+        if: github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release-please--')
         working-directory: ./helm
         run: make deploy KAPP_ARGS="-y --logs-all"
diff --git a/.github/workflows/helm-release-docs-update.yaml b/.github/workflows/helm-release-docs-update.yaml
@@ -25,6 +25,8 @@ jobs:
     steps:
       - name: checkout
         uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GH_TOKEN_HELM_RELEASES }}
 
       - uses: ./.github/actions/go
 
@@ -39,6 +41,7 @@ jobs:
         with:
           commit_message: 'chore: update helm docs and prepare release'
           file_pattern: 'helm/**/*.md'
+          token: ${{ secrets.GH_TOKEN_HELM_RELEASES }}
           commit_user_name: hardworker-bot
           commit_user_email: bot@wundergraph.com
           commit_author: hardworker-bot <bot@wundergraph.com>

diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml
@@ -11,6 +11,7 @@ on:
 permissions:
   contents: write
   pull-requests: write
+  packages: write
 
 env:
   CI: true
@@ -43,7 +44,7 @@ jobs:
           working-directory: ./helm
           registry: ${{ env.REGISTRY }}
           registry-username: ${{ github.actor }}
-          registry-password: ${{ secrets.GH_TOKEN_HELM_RELEASES }}
+          registry-password: ${{ secrets.GITHUB_TOKEN }}
           make-target: publish-cosmo-chart
 
       - uses: ./.github/actions/helm-release
@@ -52,5 +53,5 @@ jobs:
           working-directory: ./helm
           registry: ${{ env.REGISTRY }}
           registry-username: ${{ github.actor }}
-          registry-password: ${{ secrets.GH_TOKEN_HELM_RELEASES }}
+          registry-password: ${{ secrets.GITHUB_TOKEN }}
           make-target: publish-router-chart
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
@@ -1,4 +1,4 @@
 {
-  "helm/cosmo": "0.8.0",
+  "helm/cosmo": "0.7.0",
   "helm/cosmo/charts/router": "0.6.0"
 }
diff --git a/helm/cosmo/CHANGELOG.md b/helm/cosmo/CHANGELOG.md
diff --git a/helm/cosmo/Chart.yaml b/helm/cosmo/Chart.yaml
@@ -1,7 +1,6 @@
 apiVersion: v2
 name: cosmo
-description: This is the official Helm Chart for WunderGraph Cosmo - The Full
-  Lifecycle GraphQL API Management Solution.
+description: This is the official Helm Chart for WunderGraph Cosmo - The Full Lifecycle GraphQL API Management Solution.
 
 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -16,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: '0.8.0'
+version: '0.7.0'
 
 home: https://github.com/wundergraph/cosmo
 

diff --git a/helm/cosmo/README.md b/helm/cosmo/README.md
@@ -2,7 +2,7 @@
 
 For a detailed deployment guide of the chart, including the full documentation, see the [DEV.md](DEV.md) file.
 
-![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 This is the official Helm Chart for WunderGraph Cosmo - The Full Lifecycle GraphQL API Management Solution.