@@ -20,14 +20,10 @@ permissions: {}
2020jobs :
2121 # Checks a PR for uncommitted changes to built files.
2222 #
23- # This job uses a GitHub App instead of $GITHUB_TOKEN because Dependabot pull requests are only granted
24- # read-only access.
25- #
2623 # Performs the following steps:
2724 # - Attempts to download the artifact containing the PR diff.
2825 # - Checks for the existence of an artifact.
2926 # - Unzips the artifact.
30- # - Generates a token for authenticating with the GitHub App.
3127 # - Checks out the repository.
3228 # - Applies the patch file.
3329 # - Displays the result of git diff.
8985 if : ${{ steps.artifact-check.outputs.exists == 'true' }}
9086 run : unzip pr-built-file-changes.zip
9187
92- - name : Generate Installation Token
93- id : generate_token
94- if : ${{ steps.artifact-check.outputs.exists == 'true' }}
95- env :
96- GH_APP_ID : ${{ secrets.GH_APP_ID }}
97- GH_APP_PRIVATE_KEY : ${{ secrets.GH_APP_PRIVATE_KEY }}
98- run : |
99- echo "$GH_APP_PRIVATE_KEY" > private-key.pem
100-
101- # Generate JWT
102- JWT=$(python3 - <<EOF
103- import jwt, time
104- private_key = open("private-key.pem", "r").read()
105- payload = {
106- "iat": int(time.time()),
107- "exp": int(time.time()) + 600, # 10-minute expiration
108- "iss": $GH_APP_ID
109- }
110- print(jwt.encode(payload, private_key, algorithm="RS256"))
111- EOF
112- )
113-
114- # Get Installation ID
115- INSTALLATION_ID=$(curl -s -X GET -H "Authorization: Bearer $JWT" \
116- -H "Accept: application/vnd.github.v3+json" \
117- https://api.github.com/app/installations | jq -r '.[0].id')
118-
119- # Request Installation Access Token
120- ACCESS_TOKEN=$(curl -s -X POST -H "Authorization: Bearer $JWT" \
121- -H "Accept: application/vnd.github.v3+json" \
122- "https://api.github.com/app/installations/$INSTALLATION_ID/access_tokens" | jq -r '.token')
123-
124- echo "ACCESS_TOKEN=$ACCESS_TOKEN" >> "$GITHUB_ENV"
125-
126- rm -f private-key.pem
127-
12888 - name : Checkout repository
12989 uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
13090 if : ${{ steps.artifact-check.outputs.exists == 'true' }}
@@ -148,8 +108,8 @@ jobs:
148108 if : ${{ steps.artifact-check.outputs.exists == 'true' }}
149109 working-directory : ' pr-repo'
150110 run : |
151- git config user.name "test-wp-build-script-commit [bot]"
152- git config user.email ${{ env.GH_APP_ID }}+test-wp-build-script-commit[bot] @users.noreply.github.com
111+ git config user.name "WordPress Build Script Bot [bot]"
112+ git config user.email wordpress @users.noreply.github.com
153113
154114 - name : Stage changes
155115 if : ${{ steps.artifact-check.outputs.exists == 'true' }}
0 commit comments