mirror of
https://github.com/ionic-team/ionic-framework.git
synced 2026-03-13 10:22:08 +08:00
c65b76e727
The workflow permissions update did not work due to it being nested in a workflow that only had `read` permissions. You can see a failing run here (scroll down to annotations): [19828029833](https://github.com/ionic-team/ionic-framework/actions/runs/19828029833) ``` Invalid workflow file: .github/workflows/release-orchestrator.yml#L71 The workflow is not valid. .github/workflows/release-orchestrator.yml (Line: 71, Col: 3): Error calling workflow 'ionic-team/ionic-framework/.github/workflows/release.yml@b4e540decc484bd22eb84484a8eb94f19b1790c1'. The nested job 'finalize-release' is requesting 'contents: write', but is only allowed 'contents: read'. .github/workflows/release-orchestrator.yml (Line: 71, Col: 3): Error calling workflow 'ionic-team/ionic-framework/.github/workflows/release.yml@b4e540decc484bd22eb84484a8eb94f19b1790c1'. The nested job 'update-package-lock' is requesting 'contents: write', but is only allowed 'contents: read'. ``` This updates the parent workflow to have `write` permissions. You can see a passing run here: [19828895682](https://github.com/ionic-team/ionic-framework/actions/runs/19828895682) Co-authored-by: Brandy Smith <6577830+brandyscarney@users.noreply.github.com>
82 lines
2.0 KiB
YAML
82 lines
2.0 KiB
YAML
name: 'Release - Ionic Framework'
|
|
|
|
on:
|
|
schedule:
|
|
# Run every Monday-Friday
|
|
# at 6:00 UTC (6:00 am UTC)
|
|
- cron: '00 06 * * 1-5'
|
|
workflow_dispatch:
|
|
inputs:
|
|
release-type:
|
|
description: 'Which Ionic release workflow should run?'
|
|
required: true
|
|
type: choice
|
|
default: dev
|
|
options:
|
|
- dev
|
|
- production
|
|
version:
|
|
description: 'Which version should be published? (Only for production releases)'
|
|
required: false
|
|
type: choice
|
|
options:
|
|
- patch
|
|
- minor
|
|
- major
|
|
- prepatch
|
|
- preminor
|
|
- premajor
|
|
- prerelease
|
|
tag:
|
|
description: 'Which npm tag should this be published to? (Only for production releases)'
|
|
required: false
|
|
type: choice
|
|
default: latest
|
|
options:
|
|
- latest
|
|
- next
|
|
preid:
|
|
description: 'Which prerelease identifier should be used? (Only for production releases)'
|
|
required: false
|
|
type: choice
|
|
default: ''
|
|
options:
|
|
- ''
|
|
- alpha
|
|
- beta
|
|
- rc
|
|
- next
|
|
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
|
|
jobs:
|
|
run-nightly:
|
|
if: ${{ github.event_name == 'schedule' }}
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
uses: ./.github/workflows/nightly.yml
|
|
secrets: inherit
|
|
|
|
run-dev:
|
|
if: ${{ github.event_name == 'workflow_dispatch' && inputs.release-type == 'dev' }}
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
uses: ./.github/workflows/dev-build.yml
|
|
secrets: inherit
|
|
|
|
run-production:
|
|
if: ${{ github.event_name == 'workflow_dispatch' && inputs.release-type == 'production' }}
|
|
permissions:
|
|
contents: write
|
|
id-token: write
|
|
uses: ./.github/workflows/release.yml
|
|
secrets: inherit
|
|
with:
|
|
version: ${{ inputs.version }}
|
|
tag: ${{ inputs.tag }}
|
|
preid: ${{ inputs.preid }}
|