From 2f50892c07ea053c18a1e1e45fcdc4cdba1ca9f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?= <fred@kanboard.net>
Date: Mon, 27 Mar 2023 20:13:25 -0700
Subject: [PATCH] Use GITHUB_TOKEN to run GitHub Actions

---
 .github/workflows/docker.yml            | 4 +++-
 .github/workflows/integration_tests.yml | 9 ++++++---
 .github/workflows/unit_tests.yml        | 7 +++++--
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 6c2ee3f19..d0475e505 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -22,6 +22,8 @@ jobs:
           push: false
 
   multiplatform-build:
+    permissions:
+      packages: write
     if: ${{ ! github.event.pull_request }}
     runs-on: ubuntu-latest
     steps:
@@ -64,7 +66,7 @@ jobs:
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
-          password: ${{ secrets.CR_PAT }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Login to Quay.io Registry
         uses: docker/login-action@v2
diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml
index 0ac8b8054..561a967fc 100644
--- a/.github/workflows/integration_tests.yml
+++ b/.github/workflows/integration_tests.yml
@@ -4,6 +4,9 @@ on:
   pull_request:
     branches: [ main ]
 
+permissions:
+  packages: read
+
 jobs:
   Sqlite:
     runs-on: ubuntu-latest
@@ -11,7 +14,7 @@ jobs:
       image: ghcr.io/kanboard/tests:latest
       credentials:
         username: ${{ github.repository_owner }}
-        password: ${{ secrets.CR_PAT }}
+        password: ${{ secrets.GITHUB_TOKEN }}
     steps:
     - uses: actions/checkout@v3
     - name: Validate composer.json and composer.lock
@@ -36,7 +39,7 @@ jobs:
       image: ghcr.io/kanboard/tests:latest
       credentials:
         username: ${{ github.repository_owner }}
-        password: ${{ secrets.CR_PAT }}
+        password: ${{ secrets.GITHUB_TOKEN }}
     services:
       postgres:
         image: postgres:9.4
@@ -78,7 +81,7 @@ jobs:
       image: ghcr.io/kanboard/tests:latest
       credentials:
         username: ${{ github.repository_owner }}
-        password: ${{ secrets.CR_PAT }}
+        password: ${{ secrets.GITHUB_TOKEN }}
     services:
       mysql:
         image: mysql:5.7
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index f90c1ccb8..a2a735f5f 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -4,6 +4,9 @@ on:
   pull_request:
     branches: [ main ]
 
+permissions:
+  packages: read
+
 jobs:
   Sqlite:
     runs-on: ubuntu-latest
@@ -11,7 +14,7 @@ jobs:
       image: ghcr.io/kanboard/tests:latest
       credentials:
         username: ${{ github.repository_owner }}
-        password: ${{ secrets.CR_PAT }}
+        password: ${{ secrets.GITHUB_TOKEN }}
     steps:
     - uses: actions/checkout@v3
     - name: Validate composer.json and composer.lock
@@ -27,7 +30,7 @@ jobs:
       image: ghcr.io/kanboard/tests:latest
       credentials:
         username: ${{ github.repository_owner }}
-        password: ${{ secrets.CR_PAT }}
+        password: ${{ secrets.GITHUB_TOKEN }}
     services:
       postgres:
         image: postgres:9.4