From f84915fd50a0fcfbd67ca9331bf56858feff2a17 Mon Sep 17 00:00:00 2001
From: Jiawei Du <jiaweidu_js@163.com>
Date: Tue, 7 May 2024 11:13:01 +0800
Subject: [PATCH 1/2] Fix checkout/commit/push users

---
 .github/workflows/release.yaml | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 4f73aa6a6..841a2b8ab 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -6,7 +6,14 @@ permissions: write-all
 env:
   ContainerRegistry: "ghcr.io"
   ContainerRegistryRepo: "ghcr.io/eclipse-symphony"
-
+  BOT_USER_NAME: eclipse-symphoy-bot
+  BOT_EMAIL_ID: symphony-bot@eclipse.org
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# Two users are used in this pipeline
+# BOT_USER_NAME (eclipse-symphoy-bot) / secrets.BOT_GITHUB_TOKEN is used to checkout/commit/push the changes to the repository
+# github.repository_owner / secrets.GITHUB_TOKEN is used to login to the docker registry and helm registry and to create the release
 jobs:
   build:
     if: github.repository == 'eclipse-symphony/symphony' && (github.actor == 'chgennar' || github.actor == 'juancooldude' || github.actor == 'Haishi2016' || github.actor == 'nonsocode' || github.actor == 'msftcoderdjw' || github.actor == 'TonyXiaofeng' || github.actor == 'iwangjintian') 
@@ -14,6 +21,14 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.BOT_GITHUB_TOKEN }}
+
+      - name: Git config
+        run: |
+            git config user.name ${{ env.BOT_USER_NAME }}
+            git config user.email ${{ env.BOT_EMAIL_ID }}
 
       - name: Install dependencies
         run: |
@@ -150,7 +165,7 @@ jobs:
       - name: Push changes
         uses: ad-m/github-push-action@master
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_token: ${{ secrets.BOT_GITHUB_TOKEN }}
           branch: main
 
       - name: Create Release

From 4a1f55bebe01e877ec43425117d6b50a1e2f751d Mon Sep 17 00:00:00 2001
From: Jiawei Du <jiaweidu_js@163.com>
Date: Tue, 7 May 2024 14:44:55 +0800
Subject: [PATCH 2/2] address comments

---
 .github/workflows/release.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 841a2b8ab..58d2434b5 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -2,13 +2,14 @@ name: Release
 
 on:
   workflow_dispatch:
-permissions: write-all
+permissions:
+  contents: write
+  packages: write
 env:
   ContainerRegistry: "ghcr.io"
   ContainerRegistryRepo: "ghcr.io/eclipse-symphony"
   BOT_USER_NAME: eclipse-symphoy-bot
   BOT_EMAIL_ID: symphony-bot@eclipse.org
-  REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
 
 # Two users are used in this pipeline
@@ -22,7 +23,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v3
         with:
-          fetch-depth: 0
           token: ${{ secrets.BOT_GITHUB_TOKEN }}
 
       - name: Git config