Commitfe76ac6

authored

Merge pull request#438 from rvermeulen/rvermeulen/address-incorrect-create-githubapp-token-usage

Address incorrect create githubapp token usage

2 parents95f1af5 +5287208 commitfe76ac6Copy full SHA for fe76ac6

File tree

4 files changed

+48

-64

lines changed

.github/workflows

4 files changed

+48

-64

lines changed

`‎.github/workflows/prepare-release.yml‎`

Lines changed: 14 additions & 18 deletions

Original file line number	Diff line number	Diff line change
`@@ -29,24 +29,8 @@ env:`
`29`	`29`	`HOTFIX_RELEASE:${{ inputs.hotfix }}`
`30`	`30`
`31`	`31`	`jobs:`
`32`		`-generate-token:`
`33`		`-runs-on:ubuntu-latest`
`34`		`-outputs:`
`35`		`-token:${{ steps.generate-token.outputs.token }}`
`36`		`-steps:`
`37`		`- -name:Generate token`
`38`		`-id:generate-token`
`39`		`-uses:actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e`
`40`		`-with:`
`41`		`-app_id:${{ vars.AUTOMATION_APP_ID }}`
`42`		`-private_key:${{ secrets.AUTOMATION_PRIVATE_KEY }}`
`43`		`-`
`44`	`32`	`prepare-release:`
`45`		`-outputs:`
`46`		`-pull-request-head-sha:${{ steps.determine-pr-head-sha.outputs.pull-request-head-sha }}`
`47`	`33`	`name:"Prepare release"`
`48`		`-if:github.event_name == 'workflow_dispatch'`
`49`		`-needs:generate-token`
`50`	`34`	`runs-on:ubuntu-22.04`
`51`	`35`	`steps:`
`52`	`36`	`-name:Checkout`
`@@ -157,14 +141,26 @@ jobs:`
`157`	`141`	`git commit -m "Update version"`
`158`	`142`	`git push`
`159`	`143`
	`144`	`+ -name:Generate token`
	`145`	`+id:generate-token`
	`146`	`+uses:actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e`
	`147`	`+with:`
	`148`	`+app-id:${{ vars.AUTOMATION_APP_ID }}`
	`149`	`+private-key:${{ secrets.AUTOMATION_PRIVATE_KEY }}`
	`150`	`+owner:${{ github.repository_owner }}`
	`151`	`+repository:"codeql-coding-standards"`
	`152`	`+`
`160`	`153`	`-name:Create release PR`
`161`	`154`	`env:`
`162`		`-GITHUB_TOKEN:${{ needs.generate-token.outputs.token }}`
	`155`	+# Use the token from the `generate-token` step because we can't use the default workflow token
	`156`	`+# to create a PR and generate PR events to trigger the next workflow because of recursive workflow`
	`157`	`+# trigger protection.`
	`158`	`+GITHUB_TOKEN:${{ steps.generate-token.outputs.token }}`
`163`	`159`	`run:\|`
`164`	`160`	`gh pr create \`
`165`	`161`	`-R $GITHUB_REPOSITORY \`
`166`	`162`	`--title "Release v$RELEASE_VERSION" \`
`167`	`163`	`--body "This PR releases codeql-coding-standards version $RELEASE_VERSION." \`
`168`	`164`	`--base rc/$RELEASE_VERSION \`
`169`	`165`	`--head feature/update-user-manual-for-$RELEASE_VERSION \`
`170`		`- --draft`
	`166`	`+ --draft`

`‎.github/workflows/update-release-status.yml‎`

Lines changed: 2 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -134,23 +134,11 @@ jobs:`
`134`	`134`
`135`	`135`	`echo "check-run-head-sha=$CHECK_RUN_HEAD_SHA" >> "$GITHUB_OUTPUT"`
`136`	`136`
`137`		`-generate-token:`
`138`		`-runs-on:ubuntu-latest`
`139`		`-outputs:`
`140`		`-token:${{ steps.generate-token.outputs.token }}`
`141`		`-steps:`
`142`		`- -name:Generate token`
`143`		`-id:generate-token`
`144`		`-uses:actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e`
`145`		`-with:`
`146`		`-app_id:${{ vars.AUTOMATION_APP_ID }}`
`147`		`-private_key:${{ secrets.AUTOMATION_PRIVATE_KEY }}`
`148`		`-`
`149`	`137`	`update-release:`
`150`		`-needs:[validate-check-runs, generate-token]`
	`138`	`+needs:validate-check-runs`
`151`	`139`	`if:needs.validate-check-runs.outputs.status == 'completed'`
`152`	`140`	`uses:./.github/workflows/update-release.yml`
`153`	`141`	`with:`
`154`	`142`	`head-sha:${{ needs.validate-check-runs.outputs.check-run-head-sha }}`
`155`	`143`	`secrets:`
`156`		`-RELEASE_ENGINEERING_TOKEN:${{generate-token.outputs.token }}`
	`144`	`+AUTOMATION_PRIVATE_KEY:${{secrets.AUTOMATION_PRIVATE_KEY }}`

`‎.github/workflows/update-release.yml‎`

Lines changed: 12 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -15,29 +15,16 @@ on:`
`15`	`15`	`The head SHA of the release PR to use for finalizing the release.`
`16`	`16`	`required:true`
`17`	`17`	`secrets:`
`18`		`-RELEASE_ENGINEERING_TOKEN:`
	`18`	`+AUTOMATION_PRIVATE_KEY:`
`19`	`19`	`description:\|`
`20`		`- Thetokento use for accessing the release engineering repository.`
	`20`	`+ Theprivate keyto use to generate a token for accessing the release engineering repository.`
`21`	`21`	`required:true`
`22`	`22`	`env:`
`23`	`23`	`HEAD_SHA:${{ inputs.head-sha }}`
`24`	`24`
`25`	`25`	`jobs:`
`26`		`-generate-token:`
`27`		`-runs-on:ubuntu-latest`
`28`		`-outputs:`
`29`		`-token:${{ steps.generate-token.outputs.token }}`
`30`		`-steps:`
`31`		`- -name:Generate token`
`32`		`-id:generate-token`
`33`		`-uses:actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e`
`34`		`-with:`
`35`		`-app_id:${{ vars.AUTOMATION_APP_ID }}`
`36`		`-private_key:${{ secrets.AUTOMATION_PRIVATE_KEY }}`
`37`		`-`
`38`	`26`	`update-release:`
`39`	`27`	`name:"Update release"`
`40`		`-needs:generate-token`
`41`	`28`	`runs-on:ubuntu-22.04`
`42`	`29`	`steps:`
`43`	`30`	`-name:Checkout`
`@@ -53,10 +40,19 @@ jobs:`
`53`	`40`	`-name:Install dependencies`
`54`	`41`	`run:pip install -r scripts/release/requirements.txt`
`55`	`42`
	`43`	`+ -name:Generate token`
	`44`	`+id:generate-token`
	`45`	`+uses:actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e`
	`46`	`+with:`
	`47`	`+app-id:${{ vars.AUTOMATION_APP_ID }}`
	`48`	`+private-key:${{ secrets.AUTOMATION_PRIVATE_KEY }}`
	`49`	`+owner:${{ github.repository_owner }}`
	`50`	`+repository:"codeql-coding-standards-release-engineering"`
	`51`	`+`
`56`	`52`	`-name:Update release assets`
`57`	`53`	`env:`
`58`	`54`	`GITHUB_TOKEN:${{ github.token }}`
`59`		`-RELEASE_ENGINEERING_TOKEN:${{ generate-token.outputs.token }}`
	`55`	`+RELEASE_ENGINEERING_TOKEN:${{steps.generate-token.outputs.token }}`
`60`	`56`	`run:\|`
`61`	`57`	`python scripts/release/update-release-assets.py \`
`62`	`58`	`--head-sha $HEAD_SHA \`

`‎.github/workflows/validate-release.yml‎`

Lines changed: 20 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -14,18 +14,6 @@ env:`
`14`	`14`	`HEAD_SHA:${{ github.event.pull_request.head.sha }}`
`15`	`15`
`16`	`16`	`jobs:`
`17`		`-generate-token:`
`18`		`-runs-on:ubuntu-latest`
`19`		`-outputs:`
`20`		`-token:${{ steps.generate-token.outputs.token }}`
`21`		`-steps:`
`22`		`- -name:Generate token`
`23`		`-id:generate-token`
`24`		`-uses:actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e`
`25`		`-with:`
`26`		`-app_id:${{ vars.AUTOMATION_APP_ID }}`
`27`		`-private_key:${{ secrets.AUTOMATION_PRIVATE_KEY }}`
`28`		`-`
`29`	`17`	`pre-validate-performance:`
`30`	`18`	`outputs:`
`31`	`19`	`check-run-id:${{ steps.create-check-run.outputs.check-run-id }}`
`@@ -47,13 +35,21 @@ jobs:`
`47`	`35`	`echo "check-run-id=$check_run_id" >> "$GITHUB_OUTPUT"`
`48`	`36`
`49`	`37`	`validate-performance:`
`50`		`-needs:[pre-validate-performance, generate-token]`
	`38`	`+needs:pre-validate-performance`
`51`	`39`	`runs-on:ubuntu-22.04`
`52`	`40`	`steps:`
	`41`	`+ -name:Generate token`
	`42`	`+id:generate-token`
	`43`	`+uses:actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e`
	`44`	`+with:`
	`45`	`+app-id:${{ vars.AUTOMATION_APP_ID }}`
	`46`	`+private-key:${{ secrets.AUTOMATION_PRIVATE_KEY }}`
	`47`	`+owner:${{ github.repository_owner }}`
	`48`	`+repository:"codeql-coding-standards-release-engineering"`
`53`	`49`	`-name:Invoke performance test`
`54`	`50`	`env:`
`55`	`51`	`CHECK_RUN_ID:${{ needs.pre-validate-performance.outputs.check-run-id }}`
`56`		`-GH_TOKEN:${{ generate-token.outputs.token }}`
	`52`	`+GH_TOKEN:${{steps.generate-token.outputs.token }}`
`57`	`53`	`run:\|`
`58`	`54`	`jq -n \`
`59`	`55`	`--arg ref "$HEAD_SHA" \`
`@@ -108,13 +104,21 @@ jobs:`
`108`	`104`	`echo "check-run-id=$check_run_id" >> "$GITHUB_OUTPUT"`
`109`	`105`
`110`	`106`	`validate-compiler-compatibility:`
`111`		`-needs:[pre-validate-compiler-compatibility, generate-token]`
	`107`	`+needs:pre-validate-compiler-compatibility`
`112`	`108`	`runs-on:ubuntu-22.04`
`113`	`109`	`steps:`
	`110`	`+ -name:Generate token`
	`111`	`+id:generate-token`
	`112`	`+uses:actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e`
	`113`	`+with:`
	`114`	`+app-id:${{ vars.AUTOMATION_APP_ID }}`
	`115`	`+private-key:${{ secrets.AUTOMATION_PRIVATE_KEY }}`
	`116`	`+owner:${{ github.repository_owner }}`
	`117`	`+repository:"codeql-coding-standards-release-engineering"`
`114`	`118`	`-name:Invoke compiler compatibility test`
`115`	`119`	`env:`
`116`	`120`	`CHECK_RUN_ID:${{ needs.pre-validate-compiler-compatibility.outputs.check-run-id }}`
`117`		`-GITHUB_TOKEN:${{ generate-token.outputs.token }}`
	`121`	`+GITHUB_TOKEN:${{steps.generate-token.outputs.token }}`
`118`	`122`	`run:\|`
`119`	`123`	`jq -n \`
`120`	`124`	`--arg ref "$HEAD_SHA" \`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitfe76ac6

File tree

4 files changed

4 files changed

`‎.github/workflows/prepare-release.yml‎`

`‎.github/workflows/update-release-status.yml‎`

`‎.github/workflows/update-release.yml‎`

`‎.github/workflows/validate-release.yml‎`

0 commit comments