Fix: GITHUB_TOKEN の権限周りを修正

Aivis-Project · Nov 8, 2024 · 6f74521 · 6f74521
1 parent 238ea34
commit 6f74521
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 5 deletions.
diff --git a/.github/actions/download-engine/action.yml b/.github/actions/download-engine/action.yml
@@ -17,6 +17,10 @@ inputs:
     description: "ダウンロードする対象。"
     required: false
     default: ""
+  token:
+    description: "GitHub API トークン。"
+    required: false
+    default: ${{ github.token }}
 
 outputs:
   run_path:
@@ -42,7 +46,7 @@ runs:
       shell: bash
       run: |
         curl -s https://api.github.com/repos/${{ inputs.repo }}/releases \
-            -H 'authorization: Bearer ${{ github.token }}' \
+            -H 'authorization: Bearer ${{ inputs.token }}' \
             -H 'content-type: application/json' > $TEMPDIR/releases.json
         cat $TEMPDIR/releases.json
 
@@ -67,15 +71,15 @@ runs:
         cat $TEMPDIR/target.json | jq -er '[.assets[] | select(.name | contains("'$TARGET'") and endswith(".7z.txt"))][0]' > $TEMPDIR/assets_txt.json
         LIST_URL=$(cat $TEMPDIR/assets_txt.json | jq -er '.browser_download_url')
         echo "7z.txt url: $LIST_URL"
-        echo $LIST_URL | xargs curl -sSL -H "Authorization: Bearer ${{ github.token }}" > $TEMPDIR/download_name.txt
+        echo $LIST_URL | xargs curl -sSL -H "Authorization: Bearer ${{ inputs.token }}" > $TEMPDIR/download_name.txt
         echo "Files to download:"
         cat $TEMPDIR/download_name.txt | sed -e 's|^|- |'
 
         # ファイル一覧の txt にあるファイルをダウンロード
         for i in $(cat $TEMPDIR/download_name.txt); do
           URL=$(cat $TEMPDIR/target.json | jq -er "[.assets[] | select(.name == \"$i\")][0].browser_download_url")
           echo "Download url: $URL, dest: $TEMPDIR/$i"
-          curl -sSL -H "Authorization: Bearer ${{ github.token }}" $URL -o $TEMPDIR/$i &
+          curl -sSL -H "Authorization: Bearer ${{ inputs.token }}" $URL -o $TEMPDIR/$i &
         done
         for job in `jobs -p`; do
           wait $job

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -44,7 +44,7 @@ jobs:
       cache-version: v2
       # GNUコマンド
       sed: ${{ startsWith(matrix.os, 'macos-') && 'gsed' || 'sed' }}
-    # github.token の権限を拡張
+    # secrets.GITHUB_TOKEN の権限を拡張
     permissions:
       contents: read
       packages: read
@@ -221,6 +221,7 @@ jobs:
           version: ${{ env.AIVISSPEECH_ENGINE_VERSION }}
           dest: ${{ github.workspace }}/AivisSpeech-Engine
           target: ${{ matrix.aivisspeech_engine_asset_name }}
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Merge AivisSpeech Engine into prepackage/
         if: startsWith(matrix.artifact_name, 'windows-') || startsWith(matrix.artifact_name, 'linux-')

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -88,7 +88,7 @@ jobs:
   e2e-test:
     runs-on: ${{ matrix.os }}
     needs: [config]
-    # github.token の権限を拡張
+    # secrets.GITHUB_TOKEN の権限を拡張
     permissions:
       contents: read
       packages: read
@@ -129,6 +129,7 @@ jobs:
           version: ${{ env.AIVISSPEECH_ENGINE_VERSION }}
           dest: ${{ github.workspace }}/AivisSpeech-Engine
           target: ${{ matrix.aivisspeech_engine_asset_name }}
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup
         run: |