Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commite71d5b9

Browse files
authored
Update release workflows to use GitHub App instead of PATs
2 parentsbaaf604 +171a837 commite71d5b9

File tree

3 files changed

+50
-13
lines changed

3 files changed

+50
-13
lines changed

‎.github/workflows/update-release-status.yml‎

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -134,11 +134,23 @@ jobs:
134134
135135
echo "check-run-head-sha=$CHECK_RUN_HEAD_SHA" >> "$GITHUB_OUTPUT"
136136
137+
generate-token:
138+
runs-on:ubuntu-latest
139+
outputs:
140+
token:${{ steps.generate-token.outputs.token }}
141+
steps:
142+
-name:Generate token
143+
id:generate-token
144+
uses:actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
145+
with:
146+
app_id:${{ vars.AUTOMATION_APP_ID }}
147+
private_key:${{ secrets.AUTOMATION_PRIVATE_KEY }}
148+
137149
update-release:
138-
needs:validate-check-runs
150+
needs:[validate-check-runs, generate-token]
139151
if:needs.validate-check-runs.outputs.status == 'completed'
140152
uses:./.github/workflows/update-release.yml
141153
with:
142-
head-sha:${{ needs.validate-check-runs.outputs.check-run-head-sha }}
154+
head-sha:${{ needs.validate-check-runs.outputs.check-run-head-sha }}
143155
secrets:
144-
RELEASE_ENGINEERING_TOKEN:${{secrets.RELEASE_ENGINEERING_TOKEN }}
156+
RELEASE_ENGINEERING_TOKEN:${{generate-token.outputs.token }}

‎.github/workflows/update-release.yml‎

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,21 @@ env:
2323
HEAD_SHA:${{ inputs.head-sha }}
2424

2525
jobs:
26+
generate-token:
27+
runs-on:ubuntu-latest
28+
outputs:
29+
token:${{ steps.generate-token.outputs.token }}
30+
steps:
31+
-name:Generate token
32+
id:generate-token
33+
uses:actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
34+
with:
35+
app_id:${{ vars.AUTOMATION_APP_ID }}
36+
private_key:${{ secrets.AUTOMATION_PRIVATE_KEY }}
37+
2638
update-release:
2739
name:"Update release"
40+
needs:generate-token
2841
runs-on:ubuntu-22.04
2942
steps:
3043
-name:Checkout
@@ -43,7 +56,7 @@ jobs:
4356
-name:Update release assets
4457
env:
4558
GITHUB_TOKEN:${{ github.token }}
46-
RELEASE_ENGINEERING_TOKEN:${{secrets.RELEASE_ENGINEERING_TOKEN }}
59+
RELEASE_ENGINEERING_TOKEN:${{generate-token.outputs.token }}
4760
run:|
4861
python scripts/release/update-release-assets.py \
4962
--head-sha $HEAD_SHA \

‎.github/workflows/validate-release.yml‎

Lines changed: 21 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,17 @@ env:
1414
HEAD_SHA:${{ github.event.pull_request.head.sha }}
1515

1616
jobs:
17+
generate-token:
18+
runs-on:ubuntu-latest
19+
outputs:
20+
token:${{ steps.generate-token.outputs.token }}
21+
steps:
22+
-name:Generate token
23+
id:generate-token
24+
uses:actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
25+
with:
26+
app_id:${{ vars.AUTOMATION_APP_ID }}
27+
private_key:${{ secrets.AUTOMATION_PRIVATE_KEY }}
1728

1829
pre-validate-performance:
1930
outputs:
@@ -36,13 +47,13 @@ jobs:
3647
echo "check-run-id=$check_run_id" >> "$GITHUB_OUTPUT"
3748
3849
validate-performance:
39-
needs:pre-validate-performance
50+
needs:[pre-validate-performance, generate-token]
4051
runs-on:ubuntu-22.04
4152
steps:
4253
-name:Invoke performance test
4354
env:
4455
CHECK_RUN_ID:${{ needs.pre-validate-performance.outputs.check-run-id }}
45-
GH_TOKEN:${{secrets.RELEASE_ENGINEERING_TOKEN }}
56+
GH_TOKEN:${{generate-token.outputs.token }}
4657
run:|
4758
jq -n \
4859
--arg ref "$HEAD_SHA" \
@@ -61,8 +72,8 @@ jobs:
6172
steps:
6273
-name:Fail check run status
6374
env:
64-
CHECK_RUN_ID:${{ needs.pre-validate-performance.outputs.check-run-id }}
65-
GITHUB_TOKEN:${{ github.token }}
75+
CHECK_RUN_ID:${{ needs.pre-validate-performance.outputs.check-run-id }}
76+
GITHUB_TOKEN:${{ github.token }}
6677
run:|
6778
jq -n \
6879
--arg status "completed" \
@@ -97,13 +108,13 @@ jobs:
97108
echo "check-run-id=$check_run_id" >> "$GITHUB_OUTPUT"
98109
99110
validate-compiler-compatibility:
100-
needs:pre-validate-compiler-compatibility
111+
needs:[pre-validate-compiler-compatibility, generate-token]
101112
runs-on:ubuntu-22.04
102113
steps:
103114
-name:Invoke compiler compatibility test
104115
env:
105116
CHECK_RUN_ID:${{ needs.pre-validate-compiler-compatibility.outputs.check-run-id }}
106-
GITHUB_TOKEN:${{secrets.RELEASE_ENGINEERING_TOKEN }}
117+
GITHUB_TOKEN:${{generate-token.outputs.token }}
107118
run:|
108119
jq -n \
109120
--arg ref "$HEAD_SHA" \
@@ -116,14 +127,15 @@ jobs:
116127
--ref rvermeulen/release-process
117128
118129
on-failure-validate-compiler-compatibility-dispatch:
119-
needs:[pre-validate-compiler-compatibility, validate-compiler-compatibility]
130+
needs:
131+
[pre-validate-compiler-compatibility, validate-compiler-compatibility]
120132
if:failure()
121133
runs-on:ubuntu-22.04
122134
steps:
123135
-name:Fail check run status
124136
env:
125-
CHECK_RUN_ID:${{ needs.pre-validate-compiler-compatibility.outputs.check-run-id }}
126-
GITHUB_TOKEN:${{ github.token }}
137+
CHECK_RUN_ID:${{ needs.pre-validate-compiler-compatibility.outputs.check-run-id }}
138+
GITHUB_TOKEN:${{ github.token }}
127139
run:|
128140
jq -n \
129141
--arg status "completed" \

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp