diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index df472da10..5e316ca1c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -245,8 +245,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup PNPM uses: pnpm/action-setup@v2.2.1 @@ -276,7 +274,9 @@ jobs: commit: '[ci] release' title: '[ci] release' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Needs access to push to main + GITHUB_TOKEN: ${{ secrets.FREDKBOT_GITHUB_TOKEN }} + # Needs access to publish to npm NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - name: Generate Notification diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml index 4431c1675..a58fef95d 100644 --- a/.github/workflows/format.yml +++ b/.github/workflows/format.yml @@ -29,3 +29,5 @@ jobs: with: commit_message: '[ci] format' branch: ${{ github.head_ref }} + # Needs access to push to main + token: ${{ secrets.FREDKBOT_GITHUB_TOKEN }} diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 251f5517e..310adb343 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -29,12 +29,16 @@ jobs: - name: Collect stats run: node scripts/stats/index.js env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Needs access to collect stats from the GitHub API + GITHUB_TOKEN: ${{ secrets.FREDKBOT_GITHUB_TOKEN }} + - name: Commit changes uses: stefanzweifel/git-auto-commit-action@v4 with: commit_message: '[ci] collect stats' branch: ${{ github.head_ref }} + # Needs access to push to main + token: ${{ secrets.FREDKBOT_GITHUB_TOKEN }} lockfile: if: github.repository_owner == 'withastro' @@ -61,7 +65,8 @@ jobs: uses: peter-evans/create-pull-request@v3 with: branch: ci/lockfile - token: ${{ secrets.NIGHTLY_PERSONAL_GITHUB_TOKEN }} + # Access token is needed to trigger CI on this PR + token: ${{ secrets.FREDKBOT_GITHUB_TOKEN }} commit-message: '[ci] update lockfile' title: '[ci] update lockfile' body: >