From dff58fb4fbe6eebd6b1062ada9d02e4768c2f45d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=85=8E=E9=A5=BC=E6=9E=9C=E5=AD=90=E5=8D=B7=E9=B2=A8?= =?UTF-8?q?=E9=B1=BC=E8=BE=A3=E6=A4=92?=
Date: Mon, 30 Dec 2024 18:07:39 +0800
Subject: [PATCH] chore: update GitHub Actions workflows for permissions and token usage

- Changed permissions in auto-tag.yml and release.yml to 'write-all' for broader access.
- Updated GITHUB_TOKEN to use RELEASE_TOKEN in both workflows for enhanced security.
- Streamlined the workflows by removing redundant permission specifications.
---
 .github/workflows/auto-tag.yml | 14 ++++----------
 .github/workflows/release.yml | 8 ++------
 2 files changed, 6 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/auto-tag.yml b/.github/workflows/auto-tag.yml
index 1ed02b5..2a2d2da 100644
--- a/.github/workflows/auto-tag.yml
+++ b/.github/workflows/auto-tag.yml
@@ -10,13 +10,11 @@ on:
 - "LICENSE"
 - ".gitignore"
+permissions: write-all
+
 jobs:
 auto-tag:
 runs-on: ubuntu-latest
- permissions:
- contents: write
- issues: write
- pull-requests: write
 outputs:
 new_tag: ${{ steps.get_latest_tag.outputs.version }}
 steps:
@@ -41,7 +39,7 @@ jobs:
 - name: Create new tag
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
 run: |
 new_tag=${{ steps.get_latest_tag.outputs.version }}
 git config --global user.name 'github-actions[bot]'
@@ -52,9 +50,5 @@ jobs:
 release:
 needs: auto-tag
 uses: ./.github/workflows/release.yml
- permissions:
- contents: write
- packages: write
- issues: write
- pull-requests: write
+ permissions: write-all
 secrets: inherit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a7048d8..4192cb1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,11 +6,7 @@ on:
 tags:
 - "v*"
-permissions:
- contents: write
- packages: write
- issues: write
- pull-requests: write
+permissions: write-all
 jobs:
 goreleaser:
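Review bot: `permissions: write-all` at the top of auto-tag.yml gives the GITHUB_TOKEN of every job write access to every scope, where the removed job-level block granted only `contents`, `issues` and `pull-requests`; the same widening is applied to the `release` caller job in the third hunk and at the top of release.yml. Because the tag and release steps now authenticate with `secrets.RELEASE_TOKEN`, the default token most likely needs fewer scopes than before, not more. Keep an explicit list instead, for example `permissions:` followed by `contents: write` (and `packages: write` in release.yml only if a step publishes packages with the default token), and add further scopes only when a step demonstrably fails without them.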
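Review bot: Replacing `secrets.GITHUB_TOKEN` with `secrets.RELEASE_TOKEN` in the `Create new tag` step, and again in the goreleaser step of release.yml, trades a per-run token scoped to this repository for a stored credential whose scope and lifetime are not visible in the patch, so the "enhanced security" wording in the description should be verified rather than assumed. If RELEASE_TOKEN is a personal access token, it should be a fine-grained token limited to this repository with contents write access and an expiry date, documented next to the env entry with a comment such as `# RELEASE_TOKEN: fine-grained PAT, this repo only, contents write, rotated on expiry`. Also check whether a tag pushed with this token now starts release.yml through its `v*` tag trigger in addition to the `release` job's `uses:` call, which would run the release twice; whether the push actually uses this token depends on the checkout step, which is outside the hunk.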
@@ -51,5 +47,5 @@ jobs:
 version: v1.21.2
 args: release --clean
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
 GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}