From d7da059da05a724154b2ec1410dde4e8bf077ddb Mon Sep 17 00:00:00 2001
From: Eden Zimbelman
Date: Thu, 12 Dec 2024 13:43:01 -0800
Subject: [PATCH 1/9] ci: avoid persisting git credentials between steps in a job
---
 .github/workflows/develop.yml | 2 ++
 .github/workflows/publish.yml | 1 +
 .github/workflows/test.yml | 1 +
 3 files changed, 4 insertions(+)
diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml
index ad36f682..97dda648 100644
--- a/.github/workflows/develop.yml
+++ b/.github/workflows/develop.yml
@@ -11,6 +11,8 @@ jobs:
 steps:
 - name: Checkout action
 uses: actions/checkout@v4
+ with:
+ persist-credentials: false
 - name: Setup the Node runtime for this project
 uses: actions/setup-node@v4
 with:
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 212e1aad..f15addd1 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -12,6 +12,7 @@ jobs:
 - name: Checkout the current code
 uses: actions/checkout@v4
 with:
+ persist-credentials: false
 ref: ${{ github.event.release.tag_name }}
 - name: Configure the runtime node
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index c957132c..5451323d 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,6 +15,7 @@ jobs:
 - name: "build: checkout the latest changes"
 uses: actions/checkout@v4
 with:
+ persist-credentials: false
 ref: ${{ github.event.pull_request.head.sha }}
 - name: "build: setup the node runtime"
From 0e1e878529edbf691f06708dd4717b7e07022f6b Mon Sep 17 00:00:00 2001
From: Eden Zimbelman
Date: Fri, 13 Dec 2024 10:41:41 -0800
Subject: [PATCH 2/9] ci(temp): remove all permissions from action jobs
---
 .github/workflows/develop.yml | 2 ++
 .github/workflows/publish.yml | 2 ++
 .github/workflows/test.yml | 2 ++
 3 files changed, 6 insertions(+)
diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml
index 97dda648..88310ef0 100644
--- a/.github/workflows/develop.yml
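Review bot: The added `persist-credentials: false` in the develop.yml hunk of patch 1 carries no comment, and the same holds for the publish.yml and test.yml hunks; a line such as `# keep the job token out of .git/config so later steps cannot read it from disk` above the key would record why it is there. With the token no longer stored, any later step that pushes or tags with plain `git` stops authenticating, which matters most in publish.yml. The rest of each job is outside the hunks, so that should be confirmed against the full workflows.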
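Review bot: The checkout in the test.yml hunk of patch 1 takes `ref: ${{ github.event.pull_request.head.sha }}`, so the steps that follow build and run code supplied by the pull request, and dropping the persisted token closes only one path to a credential. The workflow trigger is outside the hunk; if it is `pull_request_target`, or if the job's `staging` environment (visible in the patch 2 hunk) exposes secrets, the install, build and test steps should be checked to receive no secrets, with only the later reporting steps given them. The steps list continues past the hunk.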
+++ b/.github/workflows/develop.yml
@@ -8,6 +8,8 @@ on:
 jobs:
 run:
 runs-on: ubuntu-latest
+ permissions:
+ contents: none
 steps:
 - name: Checkout action
 uses: actions/checkout@v4
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index f15addd1..716b0e9e 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -8,6 +8,8 @@ jobs:
 build:
 name: Build and tag a new version
 runs-on: ubuntu-latest
+ permissions:
+ contents: none
 steps:
 - name: Checkout the current code
 uses: actions/checkout@v4
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 5451323d..a4524292 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -11,6 +11,8 @@ jobs:
 name: Run tests
 runs-on: ubuntu-latest
 environment: staging
+ permissions:
+ contents: none
 steps:
 - name: "build: checkout the latest changes"
 uses: actions/checkout@v4
From 5b7f214016577d44350857769615dbe805370d41 Mon Sep 17 00:00:00 2001
From: Eden Zimbelman
Date: Fri, 13 Dec 2024 10:51:27 -0800
Subject: [PATCH 3/9] ci(fix): reintroduce the write check to tests
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index a4524292..53004082 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -12,7 +12,7 @@ jobs:
 runs-on: ubuntu-latest
 environment: staging
 permissions:
- contents: none
+ checks: write
 steps:
 - name: "build: checkout the latest changes"
 uses: actions/checkout@v4
From bbbd64c0fae5dde0c1deb1b7d2d0fc8bca82cc49 Mon Sep 17 00:00:00 2001
From: Eden Zimbelman
Date: Fri, 13 Dec 2024 10:52:14 -0800
Subject: [PATCH 4/9] ci: use default permissions in the devlopment workflow
---
 .github/workflows/develop.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml
index 88310ef0..97dda648 100644
--- a/.github/workflows/develop.yml
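Review bot: `contents: none` in the develop.yml hunk of patch 2 does more than its wording suggests: once any scope is listed under a job's `permissions`, every scope not listed is set to none as well, so this is the empty-permission token written indirectly. `permissions: {}` states that directly, and if the repository is private the checkout in the same job needs `contents: read`. The publish.yml and test.yml hunks of this patch add the same two lines. Declaring the block at workflow level would also cover jobs added later.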
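Review bot: `checks: write` in the test.yml hunk of patch 3 is granted to the whole `Run tests` job, so the scope is also in force while the steps that build and run the checked-out pull-request code execute. The only consumer visible in this series is the health-score step near line 229, which receives `github_token`; moving that step into its own job with `checks: write` and leaving this job at `permissions: {}` would keep the write scope away from the build and test steps. If it stays here, a comment such as `# checks: write is needed by the health score step` would explain the grant. The steps list continues outside the hunk, so which step needs the scope is inferred.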
+++ b/.github/workflows/develop.yml
@@ -8,8 +8,6 @@ on:
 jobs:
 run:
 runs-on: ubuntu-latest
- permissions:
- contents: none
 steps:
 - name: Checkout action
 uses: actions/checkout@v4
From e49fb07c5f8a4417f9729e7c7a0e973835092c0a Mon Sep 17 00:00:00 2001
From: Eden Zimbelman
Date: Fri, 13 Dec 2024 11:00:37 -0800
Subject: [PATCH 5/9] ci(fix): use a separate api token with codecov
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 53004082..90238826 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -229,7 +229,7 @@ jobs:
 - name: "chore(health): check up on recent changes to the health score"
 uses: slackapi/slack-health-score@v0.1.1
 with:
- codecov_token: ${{ secrets.CODECOV_TOKEN }}
+ codecov_token: ${{ secrets.CODECOV_API_TOKEN }}
 github_token: ${{ secrets.GITHUB_TOKEN }}
 extension: js
 include: src
From d631cfa82d352251f36e3f047c363b82f3c7aeaa Mon Sep 17 00:00:00 2001
From: Eden Zimbelman
Date: Fri, 13 Dec 2024 11:09:33 -0800
Subject: [PATCH 6/9] chore: tag a release candidate
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index aed5e9a3..5d821b00 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "slack-github-action",
- "version": "2.0.0",
+ "version": "2.0.1-rc.1",
 "description": "The official Slack Github Action. Use this to send data into your Slack workspace",
 "main": "dist/index.js",
 "type": "module",
From b563ce226161d88ab743d8c724a54fef0991e527 Mon Sep 17 00:00:00 2001
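Review bot: The new `codecov_token: ${{ secrets.CODECOV_API_TOKEN }}` line in the test.yml hunk of patch 5 has no comment saying how this secret differs from `CODECOV_TOKEN`, and the commit title is the only place that explains the split. A comment such as `# Codecov API token, kept separate from CODECOV_TOKEN` above the line would stop the two from being swapped back. Because the job declares `environment: staging` (patch 2 hunk), the secret has to be defined where that job can read it, and a run triggered from a fork will likely see it empty. This step receives two secrets, so pinning `slackapi/slack-health-score` to a full commit SHA instead of the `v0.1.1` tag is worth considering; the step continues outside the hunk.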
From: Eden Zimbelman
Date: Fri, 13 Dec 2024 11:13:19 -0800
Subject: [PATCH 7/9] ci(fix): publish and write contents to the repo a failing workflow: https://github.com/zimeg/slack-github-action/actions/runs/12321606820/job/34393378375#step:6:43 fixed documentation: https://docs.github.com/en/rest/git/trees?apiVersion=2022-11-28#create-a-tree
---
 .github/workflows/publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 716b0e9e..f3d012ca 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -9,7 +9,7 @@ jobs:
 name: Build and tag a new version
 runs-on: ubuntu-latest
 permissions:
- contents: none
+ contents: write
 steps:
 - name: Checkout the current code
 uses: actions/checkout@v4
From 85d7bb534f9b50c46f6e1f20c4ac8a1d3ed526d8 Mon Sep 17 00:00:00 2001
From: Eden Zimbelman
Date: Fri, 13 Dec 2024 11:14:37 -0800
Subject: [PATCH 8/9] chore: tag a release candidate
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 5d821b00..1e353783 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "slack-github-action",
- "version": "2.0.1-rc.1",
+ "version": "2.0.1-rc.2",
 "description": "The official Slack Github Action. Use this to send data into your Slack workspace",
 "main": "dist/index.js",
 "type": "module",
From d584e53f7c6a1a7aa43d8a0ebdc9c45fa83288dc Mon Sep 17 00:00:00 2001
From: Eden Zimbelman
Date: Fri, 13 Dec 2024 11:41:09 -0800
Subject: [PATCH 9/9] revert: undo release candidatees for the pr
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 1e353783..aed5e9a3 100644
--- a/package.json
+++ b/package.json
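Review bot: `contents: write` in the publish.yml hunk of patch 7 applies to every step of the `Build and tag a new version` job, so any dependency install or build step that runs before the tagging step executes in a job whose token can write to the repository. Splitting the work so that the build runs under `permissions: {}` and only a final tagging job, fed by an artifact, holds `contents: write` would narrow that. At minimum a comment such as `# contents: write is needed to create the tree and tag through the API` would record why the scope is there, matching the create-a-tree link in the commit message. The job's steps are outside the hunk, so the presence of install and build steps is assumed from the job name.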
@@ -1,6 +1,6 @@
 {
 "name": "slack-github-action",
- "version": "2.0.1-rc.2",
+ "version": "2.0.0",
 "description": "The official Slack Github Action. Use this to send data into your Slack workspace",
 "main": "dist/index.js",
 "type": "module",