From c101a675b9681c6f686950ce4545df3a8ffc2fdd Mon Sep 17 00:00:00 2001 From: hc-github-team-nomad-core <82989552+hc-github-team-nomad-core@users.noreply.github.com> Date: Tue, 3 Dec 2024 17:53:12 +0100 Subject: [PATCH] backport of commit e963d55ea09d5538976deead1b1d336623b2f353 (#24585) Co-authored-by: Daniel Bennett --- .github/workflows/release.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6efc7670f78..cab2b6062de 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,6 +53,8 @@ jobs: exit 1 fi - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Retrieve Vault-hosted Secrets if: endsWith(github.repository, '-enterprise') id: vault @@ -65,8 +67,7 @@ jobs: secrets: |- kv/data/github/hashicorp/nomad-enterprise/gha ELEVATED_GITHUB_TOKEN ; - name: Git config token - if: endsWith(github.repository, '-enterprise') - run: git config --global url.'https://${{ env.ELEVATED_GITHUB_TOKEN }}@github.com'.insteadOf 'https://github.com' + run: git config --global url.'https://${{ env.ELEVATED_GITHUB_TOKEN || secrets.ELEVATED_GITHUB_TOKEN }}@github.com'.insteadOf 'https://github.com' - name: Git config user/name run: |- git config --global user.email "github-team-nomad-core@hashicorp.com" @@ -215,5 +216,5 @@ jobs: fi permissions: - contents: write + contents: read id-token: write