fix: correctly set RELEASER_ACCOUNT_TOKEN

.github/workflows/build-lint-test.yaml

@@ -2,6 +2,10 @@
 
 name: Build, Lint, and Test Project
 
+# Required permission on the caller workflow
+# permissions:
+#   contents: read
+
 on:
   workflow_call:
     inputs:
@@ -11,9 +15,6 @@ on:
         default: 'lts/*'
         type: string
 
-permissions:
-  contents: read
-
 jobs:
   main:
     name: Build, Lint, and Test Project
@@ -26,7 +27,7 @@ jobs:
       - name: 🔧 Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: ${{ inputs.NODE_VERSION }}
+          node-version: ${{ inputs.node-version }}
 
       - name: 🛠️ Setup Node.js Corepack
         run: corepack enable

.github/workflows/codeql.yaml

@@ -2,14 +2,15 @@
 
 name: CodeQL
 
+# Required permission on the caller workflow
+# permissions:
+#   actions: read
+#   contents: read
+#   security-events: write
+
 on:
   workflow_call:
 
-permissions:
-  actions: read
-  contents: read
-  security-events: write
-
 jobs:
   main:
     name: CodeQL Analyze

.github/workflows/dependency-review.yaml

@@ -2,6 +2,10 @@
 
 name: Dependency Review
 
+# Required permission on the caller workflow
+# permissions:
+#   contents: read
+
 on:
   workflow_call:
     inputs:
@@ -16,9 +20,6 @@ on:
         type: string
         default: 'next'
 
-permissions:
-  contents: read
-
 jobs:
   main:
     name: Dependency Review

.github/workflows/publish-npm.yaml

@@ -2,6 +2,11 @@
 
 name: Publish NPM
 
+# Required permission on the caller workflow
+# permissions:
+#   contents: read
+#   id-token: write
+
 on:
   workflow_call:
     inputs:
@@ -20,10 +25,6 @@ on:
         required: true
         description: 'NPM token'
 
-permissions:
-  contents: read
-  id-token: write
-
 jobs:
   main:
     if: github.repository_owner == 'the-nexim'

.github/workflows/release.yaml

@@ -2,6 +2,10 @@
 
 name: Build & Lint & Test & Release
 
+# Required permission on the caller workflow
+# permissions:
+#   contents: write
+
 on:
   workflow_call:
     inputs:
@@ -11,19 +15,16 @@ on:
         default: 'lts/*'
         type: string
     secrets:
+      RELEASER_ACCOUNT_TOKEN:
+        required: true
+        description: 'GitHub token for the releaser account'
       GPG_KEY_ID:
         required: true
         description: 'GPG key ID'
-      BOT_TOKEN:
-        required: true
-        description: 'Nexim Bot token'
       GPG_PRIVATE_KEY:
         required: true
         description: 'GPG private key'
 
-permissions:
-  contents: write
-
 jobs:
   main:
     name: Build & Lint & Test & Release
@@ -34,7 +35,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          token: ${{ secrets.BOT_TOKEN }}
+          token: ${{ secrets.RELEASER_ACCOUNT_TOKEN }}
 
       - name: 🙂‍↔️ Import GPG key
         run: |
@@ -94,5 +95,5 @@ jobs:
       - name: 🤖 Get Release
         run: yarn lerna version --yes
         env:
-          GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.RELEASER_ACCOUNT_TOKEN }}
           WIREIT_LOGGER: metrics

.github/workflows/sync-label.yaml

@@ -0,0 +1,24 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Sync labels
+
+# Required permission on the caller workflow
+# permissions:
+#   contents: read
+#   issues: write
+
+on:
+  workflow_call:
+
+jobs:
+  main:
+    name: Sync labels
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: ⤵️ Check out code from GitHub
+        uses: actions/checkout@v4
+
+      - name: 🚀 Run Label Syncer
+        uses: micnncim/action-label-syncer@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}