From f0f72a14615f56318bfb3da3e2db84b9633fcedd Mon Sep 17 00:00:00 2001 From: Robert Stupp Date: Thu, 25 Dec 2025 13:27:48 +0100 Subject: [PATCH] Adapt release workflow to recent GH changes Similar to https://github.com/projectnessie/nessie/pull/11691 and the ninja commits [1](https://github.com/projectnessie/nessie/commit/9a7d255f69a53097d5f19518a5e298327fa480c3), [2](https://github.com/projectnessie/nessie/commit/2b63e7f61280d093dbfe2e3b3ced4bb7a905f311), [3](https://github.com/projectnessie/nessie/commit/bddde70d87067b9366d9610a11a3a3379ad78490). --- .github/workflows/release.yml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a7091dc0..9e3fd163 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,6 +33,8 @@ jobs: GIT_TAG: v${{ github.event.inputs.releaseVersion }} RELEASE_VERSION: ${{ github.event.inputs.releaseVersion }} NEXT_VERSION: ${{ github.event.inputs.nextVersion }} + permissions: + contents: write steps: - name: Check parameters @@ -54,6 +56,7 @@ jobs: with: fetch-depth: '0' submodules: 'true' + token: ${{ secrets.NESSIE_BUILDER }} - name: Check commit status run: | @@ -111,16 +114,7 @@ jobs: - name: Push tag + branch run: | - # Push directly using the remote repo URL, which includes the secret so this job can push to the repo - UPSTREAM="https://${{ secrets.NESSIE_BUILDER }}@github.com/${GITHUB_REPOSITORY}.git" - - # Move the default auth settings in ~/.gitconfig out of the way, so the git-push can use the token - git config --rename-section http.https://github.com/ http.https://save.github.com/ - - git push --no-verify "${UPSTREAM}" HEAD:${GITHUB_REF} ${GIT_TAG} - - # Move the default auth settings in ~/.gitconfig back - git config --rename-section http.https://save.github.com/ http.https://github.com/ + git push --no-verify origin HEAD:main ${GIT_TAG} - name: Prepare Release Notes id: prep_release