From 396dbd1817a55f962229c556dbcde4e33a11c75a Mon Sep 17 00:00:00 2001
From: Shidil Eringa <shidil@live.com>
Date: Fri, 9 Feb 2024 12:18:26 +1100
Subject: [PATCH] ci: fix github-publish.yml permissions (#59)

Use the new permissions syntax in workflow file, and use GITHUB_TOKEN to publish the package
---
 .github/workflows/github-publish.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/github-publish.yml b/.github/workflows/github-publish.yml
index 153c67f..4bd663e 100644
--- a/.github/workflows/github-publish.yml
+++ b/.github/workflows/github-publish.yml
@@ -6,14 +6,18 @@ on:
     tags:
       - 'v*.*.*'
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   github-publish:
     name: github-publish
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
-    - uses: actions/setup-node@v3
+      uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
       with:
         node-version: 18
         registry-url: "https://npm.pkg.github.com"
@@ -27,4 +31,4 @@ jobs:
     - name: Publish package
       run: npm publish
       env:
-          NODE_AUTH_TOKEN: ${{ secrets.PAT_TOKEN }}
+        NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}