refactor(python.yml): remove unnecessary permissions write-all

fix(python.yml): replace ACCESS_TOKEN with PAT_ACCESS_TOKEN for better security and clarity
benjefferies · Jan 30, 2024 · 58a3413 · 58a3413
1 parent e19860b
commit 58a3413
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
@@ -2,8 +2,6 @@ name: Python
 
 on: [push]
 
-permissions: write-all
-
 jobs:
   build:
     if: github.event_name == 'push' && contains(toJson(github.event.commits), '[ci]') == false
@@ -37,23 +35,23 @@ jobs:
       uses: ./
       if: always()
       with:
-        access_token: ${{ secrets.ACCESS_TOKEN }}
+        access_token: ${{ secrets.PAT_ACCESS_TOKEN }}
         enforce_admins: false
     - name: Test empty commit
       run: |
         git config --global user.email "bot@echosoft.uk"
         git config --global user.name "Branch Protection Bot"
         git commit --allow-empty -m "[ci] Testing commit to master works with temporary branch protection disable"
         git checkout -b master-to-be
-        git push https://benjefferies:${{ secrets.ACCESS_TOKEN }}@github.com/benjefferies/branch-protection-bot.git master-to-be:master
+        git push https://benjefferies:${{ secrets.PAT_ACCESS_TOKEN }}@github.com/benjefferies/branch-protection-bot.git master-to-be:master
     - name: Toggle "include administrators" branch protection
       uses: ./
       if: always()
       with:
-        access_token: ${{ secrets.ACCESS_TOKEN }}
+        access_token: ${{ secrets.PAT_ACCESS_TOKEN }}
     - name: Force enable "include administrators" branch protection
       uses: ./
       if: always()
       with:
-        access_token: ${{ secrets.ACCESS_TOKEN }}
+        access_token: ${{ secrets.PAT_ACCESS_TOKEN }}
         enforce_admins: true