use github app installation token for device repository cloning

This is required for cloning private submodules - as the default behaviour means the token is scoped only to the repository the workflow is running on Change-type: patch Signed-off-by: Ryan Cooke <[email protected]>
balena-os · Oct 1, 2024 · f35eb7f · f35eb7f
1 parent e5cb5d9
commit f35eb7f
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/.github/workflows/yocto-build-deploy.yml b/.github/workflows/yocto-build-deploy.yml
@@ -1065,13 +1065,16 @@ jobs:
 
     steps:
       # https://github.com/actions/create-github-app-token
+      # We give the owner arg, meaning that this token will be valid for all repositories in the org
+      # This behvaiour is required for private submodules
       - name: Create GitHub App installation token
         uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
         id: app-token
         if: vars.FLOWZONE_APP_ID != ''
         with:
           app-id: ${{ vars.FLOWZONE_APP_ID }}
           private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
 
       # Generate another app token for the balena-io organization
       # so we can checkout private contracts