fix(release): require RELEASE_PAT for tag and release updates
Stop using GITHUB_TOKEN/GITEA_TOKEN fallbacks in prepare/do-release/publish mutation paths. Require explicit PAT wiring via secrets.RELEASE_PAT for commit/push/tag and release update operations so downstream workflows trigger reliably.
This commit is contained in:
Micheal Wilkinson
@@ -30,7 +30,7 @@ Apply these checks before invoking actions:
|
||||
|
||||
- Checkout repository first.
|
||||
- For prepare/publish flows that depend on tags/history, use full history checkout (`fetch-depth: 0`).
|
||||
- Use valid credentials for release/comment API calls. On GitHub, `secrets.GITHUB_TOKEN` is used; on self-hosted Gitea, set `secrets.GITEA_TOKEN`.
|
||||
- Use `secrets.RELEASE_PAT` for release/tag/update operations (prepare/publish/do-release) so tag pushes trigger downstream workflows reliably.
|
||||
- `do-release` and `decorate-pr` now run preflight API checks and fail fast when token credentials are missing or insufficient.
|
||||
- Set required vars/secrets for coverage uploads:
|
||||
- `vars.ARTEFACT_BUCKET_NAME`
|
||||
|
||||
Reference in New Issue
Block a user