|
24 | 24 | # - Attempts to download the artifact containing the PR diff. |
25 | 25 | # - Checks for the existence of an artifact. |
26 | 26 | # - Unzips the artifact. |
| 27 | + # - Generates a token for authenticating with the GitHub App. |
27 | 28 | # - Checks out the repository. |
28 | 29 | # - Applies the patch file. |
29 | 30 | # - Displays the result of git diff. |
|
83 | 84 | if: ${{ steps.artifact-check.outputs.exists == 'true' }} |
84 | 85 | run: unzip pr-built-file-changes.zip |
85 | 86 |
|
| 87 | + - name: Generate Installation Token |
| 88 | + id: generate_token |
| 89 | + if: ${{ steps.artifact-check.outputs.exists == 'true' }} |
| 90 | + env: |
| 91 | + GH_APP_ID: ${{ secrets.GH_APP_ID }} |
| 92 | + GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }} |
| 93 | + run: | |
| 94 | + echo "$GH_APP_PRIVATE_KEY" > private-key.pem |
| 95 | +
|
| 96 | + # Generate JWT |
| 97 | + JWT=$(python3 - <<EOF |
| 98 | + import jwt, time |
| 99 | + private_key = open("private-key.pem", "r").read() |
| 100 | + payload = { |
| 101 | + "iat": int(time.time()), |
| 102 | + "exp": int(time.time()) + 600, # 10-minute expiration |
| 103 | + "iss": $GH_APP_ID |
| 104 | + } |
| 105 | + print(jwt.encode(payload, private_key, algorithm="RS256")) |
| 106 | + EOF |
| 107 | + ) |
| 108 | +
|
| 109 | + # Get Installation ID |
| 110 | + INSTALLATION_ID=$(curl -s -X GET -H "Authorization: Bearer $JWT" \ |
| 111 | + -H "Accept: application/vnd.github.v3+json" \ |
| 112 | + https://api.github.com/app/installations | jq -r '.[0].id') |
| 113 | +
|
| 114 | + # Request Installation Access Token |
| 115 | + ACCESS_TOKEN=$(curl -s -X POST -H "Authorization: Bearer $JWT" \ |
| 116 | + -H "Accept: application/vnd.github.v3+json" \ |
| 117 | + "https://api.github.com/app/installations/$INSTALLATION_ID/access_tokens" | jq -r '.token') |
| 118 | +
|
| 119 | + echo "ACCESS_TOKEN=$ACCESS_TOKEN" >> "$GITHUB_ENV" |
| 120 | +
|
| 121 | + rm -f private-key.pem |
| 122 | +
|
86 | 123 | - name: Checkout repository |
87 | 124 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 |
88 | 125 | if: ${{ steps.artifact-check.outputs.exists == 'true' }} |
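Review bot: The installation token minted in the added "Generate Installation Token" step is never masked and is written to `$GITHUB_ENV`, so it can show up in logs and is inherited by every later step, including the one that applies the patch taken from the PR artifact. Registering it with `::add-mask::` and exposing it as an output of `generate_token` would limit it to the steps that need it; those consumers are outside this view and would have to read the step output instead. The private key is also written to `private-key.pem` in the workspace and stays there if an earlier command aborts the script before `rm -f`, which is avoidable by having the Python snippet read `GH_APP_PRIVATE_KEY` and `GH_APP_ID` from the environment under a quoted heredoc. Neither `curl` call checks for failure and `jq -r` prints `null` on an error body, so a bad response silently yields `ACCESS_TOKEN=null`, and `.[0].id` takes whichever installation is listed first rather than this repository's. The token request also sends no `repositories` or `permissions` body, so the token is not narrowed below what the installation grants, and nothing visible installs PyJWT, so `import jwt` presumably relies on the runner image.

```yaml
      # … unchanged: name, id, if, env (GH_APP_ID, GH_APP_PRIVATE_KEY) …
        run: |
          set -euo pipefail

          # Sign the JWT straight from the environment; the key never touches the workspace.
          JWT=$(python3 - <<'EOF'
          import jwt, os, time
          now = int(time.time())
          payload = {"iat": now, "exp": now + 600, "iss": int(os.environ["GH_APP_ID"])}
          print(jwt.encode(payload, os.environ["GH_APP_PRIVATE_KEY"], algorithm="RS256"))
          EOF
          )

          # Resolve the installation for this repository rather than the first one listed.
          INSTALLATION_ID=$(curl -sS --fail -H "Authorization: Bearer $JWT" \
            -H "Accept: application/vnd.github.v3+json" \
            "https://api.github.com/repos/$GITHUB_REPOSITORY/installation" | jq -er '.id')

          # jq -e exits non-zero on null, so an error body stops the step here.
          ACCESS_TOKEN=$(curl -sS --fail -X POST -H "Authorization: Bearer $JWT" \
            -H "Accept: application/vnd.github.v3+json" \
            "https://api.github.com/app/installations/$INSTALLATION_ID/access_tokens" | jq -er '.token')

          # Mask before the value is written anywhere, then expose it as a step output only.
          echo "::add-mask::$ACCESS_TOKEN"
          echo "token=$ACCESS_TOKEN" >> "$GITHUB_OUTPUT"
```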
|