chore(deps): bump codecov/codecov-action from 6 to 7 (#45) #34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release-please | |
| on: | |
| push: | |
| branches: [main] | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| release-please: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # HOMEBREW_TAP_TOKEN is a PAT scoped to BOTH RefuseHQ/refuse-cli | |
| # (contents + pull-requests write) and RefuseHQ/homebrew-tap | |
| # (contents write). One secret unlocks the whole chain: | |
| # - release-please opens the release PR and pushes the tag | |
| # - tags pushed via this PAT (not GITHUB_TOKEN) trigger release.yaml | |
| # — without the PAT, GitHub policy blocks the cascade | |
| # - goreleaser then publishes the cask to RefuseHQ/homebrew-tap | |
| # Falls back to GITHUB_TOKEN so this workflow remains syntactically | |
| # valid in forks that don't have the secret. | |
| - uses: googleapis/release-please-action@v5 | |
| with: | |
| token: ${{ secrets.HOMEBREW_TAP_TOKEN || secrets.GITHUB_TOKEN }} | |
| config-file: release-please-config.json | |
| manifest-file: .release-please-manifest.json |