Make the publish action work like Okio's by squarejesse · Pull Request #9202 · square/okhttp

squarejesse · 2025-11-18T18:33:50Z

No description provided.

+    runs-on: macos-15
+
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-java@v5
+        with:
+          distribution: 'zulu'
+          java-version-file: .github/workflows/.java-version
+
+      - run: ./gradlew publish
+        env:
+          ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.SONATYPE_CENTRAL_USERNAME }}
+          ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.SONATYPE_CENTRAL_PASSWORD }}
+          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SECRET_KEY }}
+          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.GPG_SECRET_PASSPHRASE }}


To fix the problem, add a permissions block specifying the minimum necessary privileges for the workflow. In most publish workflows, unless you are using actions that write to issues, pull requests, or deployments, you typically only need read access to the repository contents. Place the following block after the name and before any jobs or steps:

permissions: contents: read

If future workflow changes require more privileges (e.g. writing releases or deployments), adjust accordingly.
Edit the .github/workflows/publish.yml file and insert the permissions block after the name: publish line and before the on: line.

JakeWharton · 2025-11-18T18:59:18Z

-        uses: gradle/actions/setup-gradle@v5
-
-      - name: Upload Artifacts
-        run: ./gradlew clean publish --stacktrace


Still need this for snapshots

oooh good call. Fixed.

Mejor chinga. Pero atu madre . Solo joder saben

Make the publish action work like Okio's

5df9f8e

squarejesse requested review from JakeWharton and yschimke November 18, 2025 18:33

github-advanced-security AI found potential problems Nov 18, 2025

View reviewed changes

JakeWharton approved these changes Nov 18, 2025

View reviewed changes

yschimke approved these changes Nov 18, 2025

View reviewed changes

Keep publishing snapshots

0feba80

swankjesse merged commit 5b23df7 into master Nov 19, 2025
27 of 29 checks passed

swankjesse deleted the jwilson.1118.publish_on_push_tags branch November 19, 2025 15:45

swankjesse mentioned this pull request Jun 8, 2026

Use JDK26 (unless we're specifically testing old JDKs) #9481

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make the publish action work like Okio's#9202

Make the publish action work like Okio's#9202
swankjesse merged 2 commits into
masterfrom
jwilson.1118.publish_on_push_tags

squarejesse commented Nov 18, 2025

Uh oh!

Check warning

Copilot Autofix

JakeWharton Nov 18, 2025

Uh oh!

swankjesse Nov 19, 2025

Uh oh!

cmr13locotes-source Nov 26, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

@@ -1,4 +1,6 @@
             name: publish
+            permissions:
+              contents: read
             on:
               push:

Conversation

squarejesse commented Nov 18, 2025

Uh oh!

Check warning

Copilot Autofix

JakeWharton Nov 18, 2025

Choose a reason for hiding this comment

Uh oh!

swankjesse Nov 19, 2025

Choose a reason for hiding this comment

Uh oh!

cmr13locotes-source Nov 26, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants