From b8cab140991c15505f18d8876ec0337ea1488039 Mon Sep 17 00:00:00 2001 From: Max Mehl Date: Tue, 19 May 2026 11:41:32 +0200 Subject: [PATCH] ci: harden release-please app token permissions --- .github/workflows/release-please.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml index 6c1e2c2..c1eb531 100644 --- a/.github/workflows/release-please.yaml +++ b/.github/workflows/release-please.yaml @@ -11,7 +11,6 @@ on: permissions: contents: write - issues: write pull-requests: write jobs: @@ -24,6 +23,10 @@ jobs: with: client-id: ${{ secrets.RELEASER_CLIENT_ID }} private-key: ${{ secrets.RELEASER_PRIVATE_KEY }} + repositories: github-org-manager + skip-token-revoke: false + permission-contents: write + permission-pull-requests: write - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0 with: