From 4bc5e08fd5738ca13878ff5f7d07a93ec54ec7c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A5vard=20Bjerke?= <hkfbjerke@gmail.com>
Date: Wed, 20 Sep 2023 10:44:20 +0200
Subject: [PATCH] build: prevent persisting default GitHub token in semantic
 release (#1660)

* build: use PAT on checkout

* build: try not persisting default github token

---------

Co-authored-by: Havard Bjerke <havard.bjerke@aspentech.com>
---
 .github/workflows/semantic_release.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/semantic_release.yml b/.github/workflows/semantic_release.yml
index 6c2e3a79f..c144a994d 100644
--- a/.github/workflows/semantic_release.yml
+++ b/.github/workflows/semantic_release.yml
@@ -11,7 +11,8 @@ jobs:
     steps:
       - uses: actions/checkout@v3
         with:
-          token: ${{ secrets.SEMANTIC_RELEASE_GITHUB_TOKEN }}
+          persist-credentials: false
+          fetch-depth: 0
 
       - name: configure git
         run: |
@@ -26,4 +27,5 @@ jobs:
         run: npx nx run-many --target=semantic-release --parallel=false
         env:
           GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.SEMANTIC_RELEASE_GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}