Skip to content

fix: replace secrets.GITHUB_TOKEN with github.token#6

Merged
j7an merged 1 commit intomainfrom
fix/replace-secrets-with-github-token
Apr 4, 2026
Merged

fix: replace secrets.GITHUB_TOKEN with github.token#6
j7an merged 1 commit intomainfrom
fix/replace-secrets-with-github-token

Conversation

@j7an
Copy link
Copy Markdown
Owner

@j7an j7an commented Apr 4, 2026

Summary

Replace ${{ secrets.GITHUB_TOKEN }} with ${{ github.token }} in all reusable workflow files.

Why

Reusable workflows can access the caller's token via github.token without needing secrets: inherit. This allows consumer repos to drop secrets: inherit from their thin callers, resolving zizmor/secrets-inherit warnings.

What changes

  • dependency-cooldown-gate.yml — 2 occurrences
  • dependency-cooldown-scan.yml — 2 occurrences
  • release.yml — 1 occurrence

Consumer impact

After this merges, consumer repos should:

  1. Update their SHA pin to the new commit
  2. Remove secrets: inherit from their caller YAML

This is a patch bump (bug fix, no input changes).

@j7an
fix: replace secrets.GITHUB_TOKEN with github.token
6c07fdb 
Reusable workflows can access the caller's token via github.token
without needing secrets: inherit. This allows callers to drop
secrets: inherit, resolving zizmor/secrets-inherit warnings.
@j7an j7an merged commit a60e4d5 into main Apr 4, 2026
2 checks passed
j7an added a commit that referenced this pull request Apr 12, 2026
@j7an
Merge pull request #6 from j7an/fix/replace-secrets-with-github-token
e1f9e37 
fix: replace secrets.GITHUB_TOKEN with github.token
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@j7an