From e6930ee26aa5c87c605118a2040a6c0646b8ffe5 Mon Sep 17 00:00:00 2001
From: Bobronium <appkiller16@gmail.com>
Date: Sat, 4 Apr 2026 05:43:28 +0400
Subject: [PATCH] Fix permissions and repository slug

---
 .github/workflows/cd-update-charts.yaml | 8 ++++++--
 .github/workflows/cd-verify-charts.yaml | 7 ++++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/cd-update-charts.yaml b/.github/workflows/cd-update-charts.yaml
index 727a275..75a5679 100644
--- a/.github/workflows/cd-update-charts.yaml
+++ b/.github/workflows/cd-update-charts.yaml
@@ -4,6 +4,9 @@ on:
   workflow_call:
   workflow_dispatch:
 
+permissions:
+  contents: write
+
 jobs:
   generate-charts:
     runs-on: ubuntu-latest
@@ -74,12 +77,13 @@ jobs:
 
           CHARTS_SHA="$(git rev-parse HEAD)"
           CHARTS_SHORT_SHA="${CHARTS_SHA:0:7}"
+          REPO_SLUG="${{ github.repository }}"
 
           # Update chart URLs in README
-          sed -i "s|https://raw.githubusercontent.com/Bobronium/copium/[^/]*/assets/chart_|https://raw.githubusercontent.com/Bobronium/copium/${CHARTS_SHA}/assets/chart_|g" README.md
+          sed -i "s|https://raw.githubusercontent.com/${REPO_SLUG}/[^/]*/assets/chart_|https://raw.githubusercontent.com/${REPO_SLUG}/${CHARTS_SHA}/assets/chart_|g" README.md
 
           # Update showcase.ipynb link to charts commit (notebook is updated with charts)
-          sed -i "s|https://github.com/Bobronium/copium/blob/[^/]*/showcase.ipynb|https://github.com/Bobronium/copium/blob/${CHARTS_SHA}/showcase.ipynb|g" README.md
+          sed -i "s|https://github.com/${REPO_SLUG}/blob/[^/]*/showcase.ipynb|https://github.com/${REPO_SLUG}/blob/${CHARTS_SHA}/showcase.ipynb|g" README.md
 
           git add README.md
 
diff --git a/.github/workflows/cd-verify-charts.yaml b/.github/workflows/cd-verify-charts.yaml
index 41db934..a5265d7 100644
--- a/.github/workflows/cd-verify-charts.yaml
+++ b/.github/workflows/cd-verify-charts.yaml
@@ -4,6 +4,9 @@ on:
   workflow_call:
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   verify-charts:
     runs-on: ubuntu-latest
@@ -17,8 +20,10 @@ jobs:
         run: |
           set -euo pipefail
 
+          REPO_SLUG="${{ github.repository }}"
+
           # Extract the chart commit SHA from README
-          CHART_SHA=$(grep -oP 'https://raw\.githubusercontent\.com/Bobronium/copium/\K[a-f0-9]{40}(?=/assets/chart_)' README.md | head -n1 || true)
+          CHART_SHA=$(grep -oP "https://raw\\.githubusercontent\\.com/${REPO_SLUG}/\\K[a-f0-9]{40}(?=/assets/chart_)" README.md | head -n1 || true)
 
           if [[ -z "$CHART_SHA" ]]; then
             echo "ERROR: No chart URLs found in README.md"