From 3d57498902d44a98f3a12bd183929e59b8bd7cc5 Mon Sep 17 00:00:00 2001 From: Amit kremer Date: Wed, 8 Jan 2025 16:03:11 +0200 Subject: [PATCH] add workflow permission --- .github/workflows/deploy-to-QA.yml | 11 +++++++---- .github/workflows/pre-release-workflow.yml | 7 +++++-- .../workflows/release-Production-workflow.yml | 17 ++++++++++------- 3 files changed, 22 insertions(+), 13 deletions(-) diff --git a/.github/workflows/deploy-to-QA.yml b/.github/workflows/deploy-to-QA.yml index f4e1dd9a..bc0a2560 100644 --- a/.github/workflows/deploy-to-QA.yml +++ b/.github/workflows/deploy-to-QA.yml @@ -3,6 +3,9 @@ name: Deploy To QA on: workflow_call: +permissions: + contents: write + jobs: Deploy-to-QA: runs-on: ubuntu-latest @@ -16,7 +19,7 @@ jobs: run: | git config --global user.name $COMMIT_AUTHOR git config --global user.email $COMMIT_EMAIL - + - name: Check if fixed version is on Jira env: JIRA_TOKEN: ${{ secrets.CI_JIRA_TOKEN }} @@ -27,8 +30,8 @@ jobs: jira_fixed_version="React Native SDK v$plugin_version" echo "JIRA_FIXED_VERSION=$jira_fixed_version" >> $GITHUB_ENV chmod +x .github/workflows/scripts/releaseNotesGenerator.sh - .github/workflows/scripts/releaseNotesGenerator.sh $JIRA_TOKEN "$jira_fixed_version" - + .github/workflows/scripts/releaseNotesGenerator.sh $JIRA_TOKEN "$jira_fixed_version" + - name: Check version alignment between platforms env: BRANCH_NAME: ${{github.ref_name}} @@ -54,7 +57,7 @@ jobs: - name: Generate and send slack report env: SLACK_TOKEN: ${{ secrets.CI_SLACK_TOKEN }} - run: | + run: | ios_sdk_version=$(cat react-native-appsflyer.podspec | grep '\'AppsFlyerFramework\' | grep -Eo '[0-9].[0-9]+.[0-9]+') android_sdk_version=$(cat android/build.gradle | grep 'com.appsflyer:af-android-sdk' | grep -Eo '[0-9].[0-9]+.[0-9]+') CHANGES=$(cat "${{env.JIRA_FIXED_VERSION}}-releasenotes".txt) diff --git a/.github/workflows/pre-release-workflow.yml b/.github/workflows/pre-release-workflow.yml index ea444620..cbaacf96 100644 --- a/.github/workflows/pre-release-workflow.yml +++ b/.github/workflows/pre-release-workflow.yml @@ -5,7 +5,10 @@ on: types: - opened branches: - - 'master' + - "master" + +permissions: + contents: write jobs: Prepare-Plugin-For-Production: @@ -34,7 +37,7 @@ jobs: echo "Updating plugin to version $plugin_version" npm version $plugin_version git push origin HEAD:${{ steps.vars.outputs.branch }} --force - + - name: Update CHANGELOG.md env: JIRA_TOKEN: ${{ secrets.CI_JIRA_TOKEN }} diff --git a/.github/workflows/release-Production-workflow.yml b/.github/workflows/release-Production-workflow.yml index af505cc1..81847cd5 100644 --- a/.github/workflows/release-Production-workflow.yml +++ b/.github/workflows/release-Production-workflow.yml @@ -5,12 +5,16 @@ on: types: - closed branches: - - 'master' + - "master" paths-ignore: - - '**.md' - - '**.yml' - - 'demoes/**' - - 'Docs/**' + - "**.md" + - "**.yml" + - "demoes/**" + - "Docs/**" + +permissions: + contents: write + jobs: Deploy-To-Production: if: github.event.pull_request.merged == true @@ -35,7 +39,7 @@ jobs: echo "PLUGIN_VERSION=$TAG" >> $GITHUB_ENV echo "RELEASE_BRANCH_NAME=${{ steps.vars.outputs.branch }}" >> $GITHUB_ENV echo "push new release >> $TAG" - + - name: "Create release" env: TAG: ${{env.PLUGIN_VERSION}} @@ -64,7 +68,6 @@ jobs: echo "//registry.npmjs.org/:_authToken=$CI_NPM_TOKEN" > ~/.npmrc npm publish - - name: Generate and send slack report env: SLACK_TOKEN: ${{ secrets.CI_SLACK_TOKEN }}