diff --git a/.github/workflows/commit-changes.yml b/.github/workflows/commit-changes.yml index d05ab5c..2d752f3 100644 --- a/.github/workflows/commit-changes.yml +++ b/.github/workflows/commit-changes.yml @@ -11,6 +11,13 @@ on: required: true type: string description: 'File patterns to add (space-separated)' + secrets: + APP_ID: + required: true + description: 'GitHub App ID' + APP_PRIVATE_KEY: + required: true + description: 'GitHub App private key' jobs: commit: @@ -18,6 +25,13 @@ jobs: permissions: contents: write steps: + - name: Generate App Token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Configure Git run: | git config --global user.name 'github-actions[bot]' @@ -49,4 +63,4 @@ jobs: # Push the changes git push origin $BRANCH_NAME env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/generate-code-samples.yml b/.github/workflows/generate-code-samples.yml index 3d79acb..864fba3 100644 --- a/.github/workflows/generate-code-samples.yml +++ b/.github/workflows/generate-code-samples.yml @@ -14,16 +14,24 @@ jobs: runs-on: macos-latest steps: + - name: Generate App Token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + - uses: actions/checkout@v4 with: fetch-depth: 0 + token: ${{ steps.app-token.outputs.token }} - name: Set up mise uses: jdx/mise-action@v2 with: cache: true env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} - name: Install dependencies run: pnpm install --frozen-lockfile 
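Review bot: `actions/create-github-app-token@v2` in the new "Generate App Token" step is referenced by a mutable tag while it receives `secrets.APP_PRIVATE_KEY`, so whatever that tag points to at run time sees the key. Pin it to a full commit SHA, e.g. `uses: actions/create-github-app-token@<full-commit-sha> # v2` (placeholder; take the SHA from the release you audited). The same step is added in generate-code-samples.yml, openapi-diff-report.yml, test.yml, transform.yml, trigger-client-generation.yml and trigger-developer-site-redeploy.yml. The job's step list continues outside this hunk.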
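Review bot: Swapping `GITHUB_TOKEN` in the push step's `env` only changes who `git push origin $BRANCH_NAME` authenticates as if the script itself reads that variable; plain git uses the remote's configured credentials, not this environment variable. The rest of the script is outside the hunk, so this may already be handled, but if it is not, the push still goes out under the previous credentials and the App token is exposed to the step for no benefit. The "Configure Git" step above also still sets `user.name 'github-actions[bot]'`, so commits will be attributed to a different identity than the one pushing. A comment such as `# pushes as the GitHub App so downstream workflows are triggered` would record the intent if that is the reason for the change.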
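Review bot: Passing the App token to `actions/checkout@v4` via `token:` leaves it in the workspace git configuration for the rest of the job, since checkout persists credentials by default, and the next visible step runs `pnpm install --frozen-lockfile` without `--ignore-scripts`. Dependency lifecycle scripts therefore run with that token readable, and without any `permission-*` input the token carries every permission the App installation has. Add `permission-contents: write` to the token step's `with:` block and, if the build allows it, `--ignore-scripts` on the install as openapi-diff-report.yml and transform.yml already do. transform.yml makes the same `token:` change on checkout.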
@@ -67,4 +75,4 @@ jobs: with: commit_message: 'Update code samples' file_patterns: 'merged_code_samples_specs/* modified_code_samples_specs/* final_specs/* .speakeasy/*' - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/openapi-diff-report.yml b/.github/workflows/openapi-diff-report.yml index f24f4c6..0b393e9 100644 --- a/.github/workflows/openapi-diff-report.yml +++ b/.github/workflows/openapi-diff-report.yml @@ -18,6 +18,13 @@ jobs: runs-on: ubuntu-latest steps: + - name: Generate App Token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Checkout repository uses: actions/checkout@v4 @@ -26,7 +33,7 @@ jobs: with: cache: true env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} - name: Install dependencies run: pnpm install --frozen-lockfile --ignore-scripts diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 91cf8ee..c467fc2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,6 +11,13 @@ jobs: runs-on: ubuntu-latest steps: + - name: Generate App Token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + - uses: actions/checkout@v4 - name: Set up mise @@ -18,7 +25,7 @@ jobs: with: cache: true env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} - name: Install dependencies run: pnpm install --frozen-lockfile diff --git a/.github/workflows/transform.yml b/.github/workflows/transform.yml index 307a9ae..5ef3201 100644 --- a/.github/workflows/transform.yml +++ b/.github/workflows/transform.yml 
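Review bot: In openapi-diff-report.yml the App token is consumed only as `GITHUB_TOKEN` for `jdx/mise-action@v2`, a third-party action on a mutable tag, and nothing visible in the job writes to a repository. With no `permission-*` input the token inherits all of the App installation's permissions, which is probably broader than the job-scoped `secrets.GITHUB_TOKEN` it replaces. Either keep `secrets.GITHUB_TOKEN` for this step or mint the token with `permission-contents: read`. test.yml has the same pattern; the triggers are outside these hunks, but if either workflow runs for pull requests from forks the two secrets will be empty and the token step will fail.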
@@ -16,16 +16,24 @@ jobs: transform: runs-on: ubuntu-latest steps: + - name: Generate App Token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + - uses: actions/checkout@v4 with: fetch-depth: 0 + token: ${{ steps.app-token.outputs.token }} - name: Set up mise uses: jdx/mise-action@v2 with: cache: true env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} - name: Install dependencies run: pnpm install --frozen-lockfile --ignore-scripts @@ -124,4 +132,4 @@ jobs: Generated-by: .github/workflows/transform.yml file_patterns: 'generated_specs/* .speakeasy/* overlayed_specs/*' - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/trigger-client-generation.yml b/.github/workflows/trigger-client-generation.yml index 094bdf2..66a6e3b 100644 --- a/.github/workflows/trigger-client-generation.yml +++ b/.github/workflows/trigger-client-generation.yml @@ -67,10 +67,19 @@ jobs: if: needs.check.outputs.should_trigger == 'true' steps: + - name: Generate App Token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + owner: gleanwork + repositories: api-client-python,api-client-typescript,api-client-go,api-client-java + - name: Trigger Python Client SDK Generation uses: actions/github-script@v7 with: - github-token: ${{ secrets.CLIENT_GENERATION_TOKEN }} + github-token: ${{ steps.app-token.outputs.token }} script: | const result = await github.rest.actions.createWorkflowDispatch({ owner: 'gleanwork', 
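Review bot: In trigger-client-generation.yml the token step limits `repositories` to the four client repos but sets no `permission-*` input, so the token carries every permission the App has on them although the steps below only call `createWorkflowDispatch`. Add `permission-actions: write` to the `with:` block so a leaked token cannot be used for anything beyond dispatching workflows. Once this is merged, the `CLIENT_GENERATION_TOKEN` secret it replaces should be revoked and deleted rather than left valid.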
@@ -84,7 +93,7 @@ jobs: - name: Trigger TypeScript Client SDK Generation uses: actions/github-script@v7 with: - github-token: ${{ secrets.CLIENT_GENERATION_TOKEN }} + github-token: ${{ steps.app-token.outputs.token }} script: | const result = await github.rest.actions.createWorkflowDispatch({ owner: 'gleanwork', @@ -98,7 +107,7 @@ jobs: - name: Trigger Go Client SDK Generation uses: actions/github-script@v7 with: - github-token: ${{ secrets.CLIENT_GENERATION_TOKEN }} + github-token: ${{ steps.app-token.outputs.token }} script: | const result = await github.rest.actions.createWorkflowDispatch({ owner: 'gleanwork', @@ -112,7 +121,7 @@ jobs: - name: Trigger Java Client SDK Generation uses: actions/github-script@v7 with: - github-token: ${{ secrets.CLIENT_GENERATION_TOKEN }} + github-token: ${{ steps.app-token.outputs.token }} script: | const result = await github.rest.actions.createWorkflowDispatch({ owner: 'gleanwork', diff --git a/.github/workflows/trigger-developer-site-redeploy.yml b/.github/workflows/trigger-developer-site-redeploy.yml index d6aa169..c87ce5f 100644 --- a/.github/workflows/trigger-developer-site-redeploy.yml +++ b/.github/workflows/trigger-developer-site-redeploy.yml @@ -33,10 +33,19 @@ jobs: echo "Automatically triggered after successful Deploy Specs to GitHub Pages workflow" fi + - name: Generate App Token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + owner: gleanwork + repositories: glean-developer-site + - name: Trigger Developer Site Redeploy uses: actions/github-script@v7 with: - github-token: ${{ secrets.DEVELOPER_SITE_REDEPLOY_TOKEN }} + github-token: ${{ steps.app-token.outputs.token }} script: | const reason = '${{ github.event.inputs.reason }}' || "Triggered by OpenAPI specs deployment"; const result = await github.rest.actions.createWorkflowDispatch({
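Review bot: The script in "Trigger Developer Site Redeploy" still interpolates `${{ github.event.inputs.reason }}` directly into the JavaScript source, so the input text is parsed as code in a step that now holds an App token for `glean-developer-site`. Pass the value through the environment instead: add `env:` with `REASON: ${{ github.event.inputs.reason }}` to the step and read it as `const reason = process.env.REASON || "Triggered by OpenAPI specs deployment";`. The token step here would also benefit from `permission-actions: write`, and the replaced `DEVELOPER_SITE_REDEPLOY_TOKEN` secret should be revoked. The script body continues outside the hunk.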