Skip to content

Commit 4070cb0

Browse files
lempiralempira
committed
feat: replace GITHUB_TOKEN with engineering-ci bot token in release workflows
1 parent a137989 commit 4070cb0

File tree

2 files changed

+13
-5
lines changed

2 files changed

+13
-5
lines changed

.github/workflows/cd.yaml

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -45,10 +45,18 @@ jobs:
4545
outputs:
4646
release_version: ${{ steps.get_release_version.outputs.RELEASE_VERSION }}
4747
steps:
48+
- name: Generate bot token
49+
uses: actions/create-github-app-token@v1
50+
id: app_token
51+
with:
52+
app-id: ${{ secrets.BOT_ID }}
53+
private-key: ${{ secrets.BOT_SK }}
54+
4855
- uses: actions/checkout@v4
4956
with:
5057
# Fetch entire repository history so we can determine version number from it
5158
fetch-depth: 0
59+
token: ${{ steps.app_token.outputs.token }}
5260

5361
- name: Set up Python
5462
uses: actions/setup-python@v5
@@ -67,7 +75,7 @@ jobs:
6775
id: get_branch
6876

6977
- name: Set Git user as GitHub actions
70-
run: git config --global user.email "actions@github.com" && git config --global user.name "github-actions"
78+
run: git config --global user.email "179917785+engineering-ci[bot]@users.noreply.github.com" && git config --global user.name "engineering-ci[bot]"
7179

7280
- name: Create Continuous Deployment - Feature Branch
7381
if: steps.get_branch.outputs.branch != 'main' && inputs.production_release != 'true'
@@ -83,7 +91,7 @@ jobs:
8391
gh release edit --prerelease $release_version_tag
8492
echo "RELEASE_VERSION=${release_version_tag:1}" >> $GITHUB_ENV
8593
env:
86-
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
94+
GH_TOKEN: ${{ steps.app_token.outputs.token }}
8795
REPOSITORY_USERNAME: __token__
8896
REPOSITORY_PASSWORD: ${{ secrets.PYPI_API_KEY }}
8997

@@ -99,7 +107,7 @@ jobs:
99107
gh release edit --prerelease "v$release_version"
100108
echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV
101109
env:
102-
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
110+
GH_TOKEN: ${{ steps.app_token.outputs.token }}
103111
REPOSITORY_USERNAME: __token__
104112
REPOSITORY_PASSWORD: ${{ secrets.PYPI_API_KEY }}
105113

@@ -116,7 +124,7 @@ jobs:
116124
release_version="$(poetry run semantic-release print-version --current)"
117125
echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV
118126
env:
119-
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
127+
GH_TOKEN: ${{ steps.app_token.outputs.token }}
120128
REPOSITORY_USERNAME: __token__
121129
REPOSITORY_PASSWORD: ${{ secrets.PYPI_API_KEY }}
122130

.github/workflows/publish-release-packages.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -79,7 +79,7 @@ jobs:
7979
GH_TOKEN: ${{ github.token }}
8080

8181
- name: Set Git user as GitHub actions
82-
run: git config --global user.email "actions@github.com" && git config --global user.name "github-actions"
82+
run: git config --global user.email "179917785+engineering-ci[bot]@users.noreply.github.com" && git config --global user.name "engineering-ci[bot]"
8383

8484
- name: Update homebrew cask
8585
run: scripts/update-brew-cask.sh "dist/algokit*-py3-none-any.whl" "dist/algokit*-macos_arm64-brew.tar.gz" "dist/algokit*-macos_x64-brew.tar.gz" "algorandfoundation/homebrew-tap"

0 commit comments

Comments
 (0)