Skip to content

Commit

Permalink
Update github actions to use github app token. Attemp 1 (#2121)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Alex-Tideman
Alex-Tideman authored Jul 3, 2024
1 parent 918468f commit 41a98ea
Show file tree
Hide file tree
Showing 3 changed files with 47 additions and 4 deletions.
18 changes: 16 additions & 2 deletions .github/workflows/bump-package-version.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,11 @@ on:
workflow_dispatch:
branches:
- main
secrets:
TEMPORAL_CICD_APP_ID:
required: true
TEMPORAL_CICD_PRIVATE_KEY:
required: true
inputs:
bump:
required: true
Expand All @@ -26,6 +31,15 @@ jobs:
with:
node-version: 18
registry-url: 'https://registry.npmjs.org'
- name: Prepare checkout token
id: generate_token
uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
with:
app_id: ${{ secrets.TEMPORAL_CICD_APP_ID }}
private_key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }}
permissions:
contents: read
pull_requests: write
- name: Configure Git
run: |
git config --local user.name 'Temporal Data (cicd)'
Expand All @@ -37,8 +51,8 @@ jobs:
version=`git describe --abbrev=0 --tags`
branch="releases/$version"
git checkout -b $branch
git remote set-url origin "https://x-access-token:${{ secrets.COMMANDER_DATA_TOKEN }}@github.com/${{ github.repository }}"
git remote set-url origin "https://x-access-token:${{ steps.generate_token.outputs.token }}@github.com/${{ github.repository }}"
git push origin $branch
gh pr create -B main -H $branch --title "bump version in package.json to $version" --body "release version $version"
env:
GH_TOKEN: ${{ secrets.COMMANDER_DATA_TOKEN }}
GH_TOKEN: ${{ steps.generate_token.outputs.token }}
16 changes: 15 additions & 1 deletion .github/workflows/publish-package.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,11 @@ name: Publish npm Package
on:
pull_request:
types: [closed]
secrets:
TEMPORAL_CICD_APP_ID:
required: true
TEMPORAL_CICD_PRIVATE_KEY:
required: true

jobs:
publish:
Expand All @@ -24,6 +29,15 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Prepare checkout token
id: generate_token
uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
with:
app_id: ${{ secrets.TEMPORAL_CICD_APP_ID }}
private_key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }}
permissions:
contents: write
pull_requests: write
- name: Create Release
run: |
version=`cat ./package.json | jq -r .version`
Expand All @@ -32,4 +46,4 @@ jobs:
echo "creating release: $tag"
gh release create $tag --generate-notes
env:
GH_TOKEN: ${{ secrets.COMMANDER_DATA_TOKEN }}
GH_TOKEN: ${{ steps.generate_token.outputs.token }}
17 changes: 16 additions & 1 deletion .github/workflows/update-ui-server.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,11 @@ on:
push:
branches:
- main
secrets:
TEMPORAL_CICD_APP_ID:
required: true
TEMPORAL_CICD_PRIVATE_KEY:
required: true

jobs:
sync:
Expand All @@ -27,13 +32,23 @@ jobs:
version: '3.x'
repo-token: ${{ secrets.GITHUB_TOKEN }}

- name: Prepare checkout token
id: generate_token
uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
with:
app_id: ${{ secrets.TEMPORAL_CICD_APP_ID }}
private_key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }}
permissions:
contents: read
pull_requests: write

- name: Checkout UI Server
uses: actions/checkout@v4
with:
repository: temporalio/ui-server
path: ui-server
ref: main
token: ${{ secrets.COMMANDER_DATA_TOKEN }}
token: ${{ steps.generate_token.outputs.token }}

- name: Build UI
run: pnpm build:server
Expand Down

0 comments on commit 41a98ea

Please sign in to comment.