diff --git a/.github/workflows/issue-assignment.yml b/.github/workflows/issue-assignment.yml index 006d1af..6561bf1 100644 --- a/.github/workflows/issue-assignment.yml +++ b/.github/workflows/issue-assignment.yml @@ -19,8 +19,5 @@ on: jobs: apply: - permissions: - contents: read - issues: write - - uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v15.0.2 + uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v15.0.3 + secrets: inherit diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index 88d653f..282e89e 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -25,7 +25,5 @@ on: jobs: sync: - permissions: - issues: write - - uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v15.0.2 + uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v15.0.3 + secrets: inherit diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml index 55b5950..2dd3eb0 100644 --- a/.github/workflows/release-draft.yml +++ b/.github/workflows/release-draft.yml @@ -29,9 +29,5 @@ jobs: draft: name: Draft Releases - permissions: - contents: write - pull-requests: write - - uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v15.0.2 + uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v15.0.3 secrets: inherit diff --git a/.github/workflows/scheduled-maintenance.yml b/.github/workflows/scheduled-maintenance.yml index eef4487..12c7767 100644 --- a/.github/workflows/scheduled-maintenance.yml +++ b/.github/workflows/scheduled-maintenance.yml @@ -25,17 +25,21 @@ jobs: repo_cleanup: runs-on: ubuntu-latest - permissions: - pull-requests: write - issues: write - steps: + - name: Generate Token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.MU_ACCESS_APP_ID }} + private-key: ${{ secrets.MU_ACCESS_APP_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + - name: Get Repository Info run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV - name: Prune Won't Fix Pull Requests env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} REPOSITORY: ${{ env.REPOSITORY_NAME }} run: | gh api \ @@ -50,7 +54,7 @@ jobs: - name: Prune Won't Fix Issues env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} REPOSITORY: ${{ env.REPOSITORY_NAME }} run: | gh api \ diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index c874c69..fea3b4c 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -25,8 +25,5 @@ on: jobs: check: - permissions: - issues: write - pull-requests: write - - uses: microsoft/mu_devops/.github/workflows/Stale.yml@v15.0.2 + uses: microsoft/mu_devops/.github/workflows/Stale.yml@v15.0.3 + secrets: inherit diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml index 0cf743a..9b6c434 100644 --- a/.github/workflows/triage-issues.yml +++ b/.github/workflows/triage-issues.yml @@ -20,7 +20,5 @@ on: jobs: triage: - permissions: - issues: write - - uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v15.0.2 + uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v15.0.3 + secrets: inherit