From b2fee85e4b61f3724d69866a0a79edc407404af1 Mon Sep 17 00:00:00 2001
From: Joe Polny <50534337+joe-p@users.noreply.github.com>
Date: Tue, 15 Oct 2024 13:27:07 -0400
Subject: [PATCH] cicd: use create-github-app-token (#247)

* cicd: use create-github-app-token
* fix incorrect placement of create-github-app-token
---
.github/workflows/cd.yaml | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
index 17bb6aa0..b618069c 100644
--- a/.github/workflows/cd.yaml
+++ b/.github/workflows/cd.yaml
@@ -34,12 +34,18 @@ jobs: runs-on: ubuntu-latest steps: + - uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ secrets.BOT_ID }} + private-key: ${{ secrets.BOT_SK }} + - uses: actions/checkout@v3 with: # Fetch entire repository history so we can determine version number from it fetch-depth: 0 # use release token for production_release, standard token otherwise - token: ${{ inputs.production_release && secrets.RELEASE_GH_TOKEN || secrets.GITHUB_TOKEN }} + token: ${{ steps.app-token.outputs.token }} - name: Install poetry run: pipx install poetry
@@ -57,7 +63,7 @@ jobs: shell: bash run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT id: get_branch - + - name: Set Git user as GitHub actions run: git config --global user.email "actions@github.com" && git config --global user.name "github-actions"
@@ -72,7 +78,7 @@ jobs: publish gh release edit --prerelease "$(poetry run semantic-release print-version --current)" env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} REPOSITORY_USERNAME: __token__ REPOSITORY_PASSWORD: ${{ secrets.PYPI_API_KEY }}
@@ -87,6 +93,6 @@ jobs: --define=patch_without_tag=true \ publish env: - GH_TOKEN: ${{ secrets.RELEASE_GH_TOKEN }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} REPOSITORY_USERNAME: __token__ REPOSITORY_PASSWORD: ${{ secrets.PYPI_API_KEY }}
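Review bot: The new `actions/create-github-app-token@v1` step in the first hunk is handed the App private key (`secrets.BOT_SK`) but is referenced by a mutable major tag, so whatever `v1` resolves to at run time handles that key. Pin it to a reviewed commit, for example `- uses: actions/create-github-app-token@<full-commit-sha>  # v1.x.y`. The retained comment above `token:` still reads `# use release token for production_release, standard token otherwise`, which no longer matches the new line; something like `# check out with the GitHub App installation token (used for every run)` would be accurate. `actions/checkout` keeps the supplied token in the local git configuration by default, so later steps can presumably read it; if the publish step does not depend on that for pushing, add `persist-credentials: false`. The job body continues outside this hunk.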
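Review bot: In the third hunk, what appears to be the pre-release publish step moves `GH_TOKEN` from the workflow-scoped `secrets.GITHUB_TOKEN` to the App installation token, so non-production runs now carry whatever the App installation is allowed to do instead of what the workflow's `permissions` grant. If the App has more access than this job needs, narrow the token where it is minted: recent releases of the action accept `permission-*` inputs, e.g. `permission-contents: write` under `with:` of the `app-token` step (confirm the pinned version supports them). The step starts above this hunk, so its trigger condition is not visible here.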
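Review bot: After the fourth hunk nothing in the visible diff references `secrets.RELEASE_GH_TOKEN` any more, so the long-lived token behind it stays valid without a consumer. Once the App token is confirmed to work for production releases, revoke that token and delete the repository secret. A short comment on the `app-token` step such as `# replaces RELEASE_GH_TOKEN; installation tokens are short-lived` would record the reason for the switch. Other workflows outside this diff may still read the secret, so check them before removing it.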