diff --git a/.github/workflows/release-4.x.yml b/.github/workflows/release-4.x.yml index 5735a86dbb3..dcda4e2d822 100644 --- a/.github/workflows/release-4.x.yml +++ b/.github/workflows/release-4.x.yml @@ -6,14 +6,13 @@ on: permissions: contents: write pull-requests: write + id-token: write name: release-4x jobs: release-please: runs-on: ubuntu-latest - permissions: - id-token: write steps: - id: release uses: google-github-actions/release-please-action@v3 diff --git a/.github/workflows/release-alpha.yml b/.github/workflows/release-alpha.yml index 73abc2a957e..937ba537f2f 100644 --- a/.github/workflows/release-alpha.yml +++ b/.github/workflows/release-alpha.yml @@ -8,13 +8,14 @@ on: required: true type: string +permissions: + id-token: write + name: release-alpha jobs: release-alpha: runs-on: ubuntu-latest - permissions: - id-token: write steps: - shell: bash run: | diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 4409562cc56..0be13e3c125 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -11,13 +11,14 @@ on: # As long as the commit hash has changed on main a release will be published workflow_dispatch: {} +permissions: + id-token: write + name: release-nightly jobs: release-nightly: runs-on: ubuntu-latest - permissions: - id-token: write steps: - uses: actions/checkout@v3 - name: actions/setup diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2eefa9848c2..7cc1ca92af0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,14 +6,13 @@ on: permissions: contents: write pull-requests: write + id-token: write name: release jobs: release-please: runs-on: ubuntu-latest - permissions: - id-token: write steps: - id: release uses: google-github-actions/release-please-action@v3