mirror of
https://github.com/goreleaser/goreleaser-action.git
synced 2026-07-04 03:59:34 +00:00
Replaces GH_PAT (a broad org PAT) with a GitHub App token for pushing the rebuilt dist/ back to Dependabot PR branches. An App token is scoped to this repo with minimal permissions and is short-lived, so it is much safer to expose on the (semi-trusted) Dependabot PR build than a wide PAT. The job stays a no-op until the DIST_REBUILD_APP_ID and DIST_REBUILD_APP_PRIVATE_KEY Dependabot secrets are configured. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| ci.yml | ||
| rebuild-dist.yml | ||
| release-major-tag.yml | ||
| test.yml | ||
| validate.yml | ||