Skip to content

Commit fe5e6bc

Browse files
traskrajkumar-rangaraj
trask
and
rajkumar-rangaraj
authored
[infra] Migrate to otelbot (#6506)
Co-authored-by: Rajkumar Rangaraj <[email protected]>
1 parent 7fad757 commit fe5e6bc

File tree

6 files changed

+119
-77
lines changed

6 files changed

+119
-77
lines changed

.github/workflows/automation.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -5,14 +5,16 @@ on:
55
outputs:
66
enabled:
77
value: ${{ jobs.resolve-automation.outputs.enabled == 'true' }}
8-
token-secret-name:
9-
value: ${{ jobs.resolve-automation.outputs.token-secret-name }}
108
username:
119
value: ${{ vars.AUTOMATION_USERNAME }}
1210
email:
1311
value: ${{ vars.AUTOMATION_EMAIL }}
12+
application-name:
13+
value: ${{ vars.AUTOMATION_APPLICATION_NAME }}
14+
application-username:
15+
value: ${{ vars.AUTOMATION_APPLICATION_USERNAME }}
1416
secrets:
15-
OPENTELEMETRYBOT_GITHUB_TOKEN:
17+
OTELBOT_DOTNET_PRIVATE_KEY:
1618
required: false
1719

1820
permissions:
@@ -25,13 +27,11 @@ jobs:
2527

2628
outputs:
2729
enabled: ${{ steps.evaluate.outputs.enabled }}
28-
token-secret-name: ${{ steps.evaluate.outputs.token-secret-name }}
2930

3031
env:
31-
OPENTELEMETRYBOT_GITHUB_TOKEN_EXISTS: ${{ secrets.OPENTELEMETRYBOT_GITHUB_TOKEN != '' }}
32+
OTELBOT_DOTNET_PRIVATE_KEY_EXISTS: ${{ secrets.OTELBOT_DOTNET_PRIVATE_KEY != '' }}
3233

3334
steps:
3435
- id: evaluate
3536
run: |
36-
echo "enabled=${{ env.OPENTELEMETRYBOT_GITHUB_TOKEN_EXISTS == 'true' }}" >> "$GITHUB_OUTPUT"
37-
echo "token-secret-name=OPENTELEMETRYBOT_GITHUB_TOKEN" >> "$GITHUB_OUTPUT"
37+
echo "enabled=${{ env.OTELBOT_DOTNET_PRIVATE_KEY_EXISTS == 'true' }}" >> "$GITHUB_OUTPUT"

.github/workflows/post-release.yml

Lines changed: 25 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,8 @@ permissions:
2222
jobs:
2323
automation:
2424
uses: ./.github/workflows/automation.yml
25-
secrets: inherit
25+
secrets:
26+
OTELBOT_DOTNET_PRIVATE_KEY: ${{ secrets.OTELBOT_DOTNET_PRIVATE_KEY }}
2627

2728
push-packages-and-publish-release:
2829
runs-on: ubuntu-22.04
@@ -33,20 +34,23 @@ jobs:
3334
github.event_name == 'issue_comment' &&
3435
github.event.issue.pull_request &&
3536
github.event.issue.locked == true &&
36-
github.event.comment.user.login != needs.automation.outputs.username &&
37+
github.event.comment.user.login != needs.automation.outputs.application-username &&
3738
contains(github.event.comment.body, '/PushPackages') &&
3839
startsWith(github.event.issue.title, '[release] Prepare release ') &&
3940
github.event.issue.pull_request.merged_at &&
4041
needs.automation.outputs.enabled
4142
42-
env:
43-
GH_TOKEN: ${{ secrets[needs.automation.outputs.token-secret-name] }}
44-
4543
steps:
44+
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
45+
id: otelbot-token
46+
with:
47+
app-id: ${{ vars.OTELBOT_DOTNET_APP_ID }}
48+
private-key: ${{ secrets.OTELBOT_DOTNET_PRIVATE_KEY }}
49+
4650
- name: Check out code
4751
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
4852
with:
49-
token: ${{ env.GH_TOKEN }}
53+
token: ${{ steps.otelbot-token.outputs.token }}
5054
ref: ${{ github.event.repository.default_branch }}
5155

5256
- name: Setup .NET
@@ -55,7 +59,8 @@ jobs:
5559
- name: Push packages and publish release
5660
shell: pwsh
5761
env:
58-
BOT_USER_NAME: ${{ needs.automation.outputs.username }}
62+
GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
63+
EXPECTED_PR_AUTHOR_USER_NAME: ${{ needs.automation.outputs.application-name }}
5964
COMMENT_USER_NAME: ${{ github.event.comment.user.login }}
6065
ISSUE_NUMBER: ${{ github.event.issue.number }}
6166
NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
@@ -66,7 +71,7 @@ jobs:
6671
PushPackagesPublishReleaseUnlockAndPostNoticeOnPrepareReleasePullRequest `
6772
-gitRepository ${env:GITHUB_REPOSITORY} `
6873
-pullRequestNumber ${env:ISSUE_NUMBER} `
69-
-botUserName ${env:BOT_USER_NAME} `
74+
-expectedPrAuthorUserName ${env:EXPECTED_PR_AUTHOR_USER_NAME} `
7075
-commentUserName ${env:COMMENT_USER_NAME} `
7176
-artifactDownloadPath "${env:GITHUB_WORKSPACE}/artifacts" `
7277
-pushToNuget $HasToken
@@ -81,17 +86,20 @@ jobs:
8186
needs.automation.outputs.enabled &&
8287
(github.event_name == 'release' || github.event_name == 'workflow_dispatch')
8388
84-
env:
85-
GH_TOKEN: ${{ secrets[needs.automation.outputs.token-secret-name] }}
86-
8789
steps:
90+
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
91+
id: otelbot-token
92+
with:
93+
app-id: ${{ vars.OTELBOT_DOTNET_APP_ID }}
94+
private-key: ${{ secrets.OTELBOT_DOTNET_PRIVATE_KEY }}
95+
8896
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
8997
with:
9098
# Note: By default GitHub only fetches 1 commit. We need all the tags
9199
# for this work.
92100
fetch-depth: 0
93101
ref: ${{ github.event.repository.default_branch }}
94-
token: ${{ env.GH_TOKEN }}
102+
token: ${{ steps.otelbot-token.outputs.token }}
95103

96104
- name: Setup dotnet
97105
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
@@ -102,6 +110,7 @@ jobs:
102110
|| (inputs.tag && startsWith(inputs.tag, 'core-') && !contains(inputs.tag, '-alpha') && !contains(inputs.tag, '-beta') && !contains(inputs.tag, '-rc'))
103111
shell: pwsh
104112
env:
113+
GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
105114
BOT_USER_EMAIL: ${{ needs.automation.outputs.email }}
106115
BOT_USER_NAME: ${{ needs.automation.outputs.username }}
107116
TAG: ${{ inputs.tag || github.ref_name }}
@@ -120,6 +129,7 @@ jobs:
120129
if: vars.CONTRIB_REPO
121130
shell: pwsh
122131
env:
132+
GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
123133
CONTRIB_REPO: ${{ vars.CONTRIB_REPO }}
124134
TAG: ${{ inputs.tag || github.ref_name }}
125135
run: |
@@ -132,12 +142,13 @@ jobs:
132142
- name: Post notice when release is published
133143
shell: pwsh
134144
env:
135-
BOT_USER_NAME: ${{ needs.automation.outputs.username }}
145+
GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
146+
EXPECTED_PR_AUTHOR_USER_NAME: ${{ needs.automation.outputs.application-name }}
136147
TAG: ${{ inputs.tag || github.ref_name }}
137148
run: |
138149
Import-Module .\build\scripts\post-release.psm1
139150
140151
TryPostReleasePublishedNoticeOnPrepareReleasePullRequest `
141152
-gitRepository ${env:GITHUB_REPOSITORY} `
142-
-botUserName ${env:BOT_USER_NAME} `
153+
-expectedPrAuthorUserName ${env:EXPECTED_PR_AUTHOR_USER_NAME} `
143154
-tag ${env:TAG}

.github/workflows/prepare-release.yml

Lines changed: 54 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,8 @@ permissions:
2929
jobs:
3030
automation:
3131
uses: ./.github/workflows/automation.yml
32-
secrets: inherit
32+
secrets:
33+
OTELBOT_DOTNET_PRIVATE_KEY: ${{ secrets.OTELBOT_DOTNET_PRIVATE_KEY }}
3334

3435
prepare-release-pr:
3536
runs-on: ubuntu-22.04
@@ -38,18 +39,22 @@ jobs:
3839

3940
if: github.event_name == 'workflow_dispatch' && needs.automation.outputs.enabled
4041

41-
env:
42-
GH_TOKEN: ${{ secrets[needs.automation.outputs.token-secret-name] }}
43-
4442
steps:
43+
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
44+
id: otelbot-token
45+
with:
46+
app-id: ${{ vars.OTELBOT_DOTNET_APP_ID }}
47+
private-key: ${{ secrets.OTELBOT_DOTNET_PRIVATE_KEY }}
48+
4549
- name: Check out code
4650
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
4751
with:
48-
token: ${{ env.GH_TOKEN }}
52+
token: ${{ steps.otelbot-token.outputs.token }}
4953

5054
- name: Create GitHub Pull Request to prepare release
5155
shell: pwsh
5256
env:
57+
GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
5358
BOT_USER_EMAIL: ${{ needs.automation.outputs.email }}
5459
BOT_USER_NAME: ${{ needs.automation.outputs.username }}
5560
COMMENT_USER_NAME: ${{ github.event.sender.login }}
@@ -75,32 +80,36 @@ jobs:
7580
if: |
7681
github.event_name == 'pull_request' &&
7782
github.event.action == 'closed' &&
78-
github.event.pull_request.user.login == needs.automation.outputs.username &&
83+
github.event.pull_request.user.login == needs.automation.outputs.application-username &&
7984
github.event.pull_request.merged == true &&
8085
startsWith(github.event.pull_request.title, '[release] Prepare release ') &&
8186
needs.automation.outputs.enabled
8287
83-
env:
84-
GH_TOKEN: ${{ secrets[needs.automation.outputs.token-secret-name] }}
85-
8688
steps:
89+
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
90+
id: otelbot-token
91+
with:
92+
app-id: ${{ vars.OTELBOT_DOTNET_APP_ID }}
93+
private-key: ${{ secrets.OTELBOT_DOTNET_PRIVATE_KEY }}
94+
8795
- name: Check out code
8896
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
8997
with:
90-
token: ${{ env.GH_TOKEN }}
98+
token: ${{ steps.otelbot-token.outputs.token }}
9199

92100
- name: Lock GitHub Pull Request to prepare release
93101
shell: pwsh
94102
env:
95-
BOT_USER_NAME: ${{ needs.automation.outputs.username }}
103+
GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
104+
EXPECTED_PR_AUTHOR_USER_NAME: ${{ needs.automation.outputs.application-name }}
96105
ISSUE_NUMBER: ${{ github.event.pull_request.number }}
97106
run: |
98107
Import-Module .\build\scripts\prepare-release.psm1
99108
100109
LockPullRequestAndPostNoticeToCreateReleaseTag `
101110
-gitRepository ${env:GITHUB_REPOSITORY} `
102111
-pullRequestNumber ${env:ISSUE_NUMBER} `
103-
-botUserName ${env:BOT_USER_NAME}
112+
-expectedPrAuthorUserName ${env:EXPECTED_PR_AUTHOR_USER_NAME}
104113
105114
create-release-tag-pr-post-notice:
106115
runs-on: ubuntu-22.04
@@ -111,37 +120,42 @@ jobs:
111120
github.event_name == 'issue_comment' &&
112121
github.event.issue.pull_request &&
113122
github.event.issue.locked == true &&
114-
github.event.comment.user.login != needs.automation.outputs.username &&
123+
github.event.comment.user.login != needs.automation.outputs.application-username &&
115124
contains(github.event.comment.body, '/CreateReleaseTag') &&
116125
startsWith(github.event.issue.title, '[release] Prepare release ') &&
117126
github.event.issue.pull_request.merged_at &&
118127
needs.automation.outputs.enabled
119128
120-
env:
121-
GH_TOKEN: ${{ secrets[needs.automation.outputs.token-secret-name] }}
122-
123129
steps:
130+
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
131+
id: otelbot-token
132+
with:
133+
app-id: ${{ vars.OTELBOT_DOTNET_APP_ID }}
134+
private-key: ${{ secrets.OTELBOT_DOTNET_PRIVATE_KEY }}
135+
124136
- name: Check out code
125137
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
126138
with:
127139
# Note: By default GitHub only fetches 1 commit which fails the git tag operation below
128140
fetch-depth: 0
129-
token: ${{ env.GH_TOKEN }}
141+
token: ${{ steps.otelbot-token.outputs.token }}
130142

131143
- name: Create release tag
132144
id: create-tag
133145
shell: pwsh
134146
env:
147+
GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
135148
BOT_USER_EMAIL: ${{ needs.automation.outputs.email }}
136149
BOT_USER_NAME: ${{ needs.automation.outputs.username }}
150+
EXPECTED_PR_AUTHOR_USER_NAME: ${{ needs.automation.outputs.application-name }}
137151
ISSUE_NUMBER: ${{ github.event.issue.number }}
138152
run: |
139153
Import-Module .\build\scripts\prepare-release.psm1
140154
141155
CreateReleaseTagAndPostNoticeOnPullRequest `
142156
-gitRepository ${env:GITHUB_REPOSITORY} `
143157
-pullRequestNumber ${env:ISSUE_NUMBER} `
144-
-botUserName ${env:BOT_USER_NAME} `
158+
-expectedPrAuthorUserName ${env:EXPECTED_PR_AUTHOR_USER_NAME} `
145159
-gitUserName ${env:BOT_USER_NAME} `
146160
-gitUserEmail ${env:BOT_USER_EMAIL}
147161
@@ -154,28 +168,33 @@ jobs:
154168
github.event_name == 'issue_comment' &&
155169
github.event.issue.pull_request &&
156170
github.event.issue.state == 'open' &&
157-
github.event.comment.user.login != needs.automation.outputs.username &&
171+
github.event.comment.user.login != needs.automation.outputs.application-username &&
158172
contains(github.event.comment.body, '/UpdateReleaseDates') &&
159173
startsWith(github.event.issue.title, '[release] Prepare release ') &&
160174
github.event.issue.pull_request.merged_at == null &&
161175
needs.automation.outputs.enabled
162176
163-
env:
164-
GH_TOKEN: ${{ secrets[needs.automation.outputs.token-secret-name] }}
165-
166177
steps:
178+
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
179+
id: otelbot-token
180+
with:
181+
app-id: ${{ vars.OTELBOT_DOTNET_APP_ID }}
182+
private-key: ${{ secrets.OTELBOT_DOTNET_PRIVATE_KEY }}
183+
167184
- name: Check out code
168185
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
169186
with:
170187
# Note: By default GitHub only fetches 1 commit which fails the git tag operation below
171188
fetch-depth: 0
172-
token: ${{ env.GH_TOKEN }}
189+
token: ${{ steps.otelbot-token.outputs.token }}
173190

174191
- name: Update release date
175192
shell: pwsh
176193
env:
194+
GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
177195
BOT_USER_EMAIL: ${{ needs.automation.outputs.email }}
178196
BOT_USER_NAME: ${{ needs.automation.outputs.username }}
197+
EXPECTED_PR_AUTHOR_USER_NAME: ${{ needs.automation.outputs.application-name }}
179198
COMMENT_USER_NAME: ${{ github.event.comment.user.login }}
180199
ISSUE_NUMBER: ${{ github.event.issue.number }}
181200
run: |
@@ -184,7 +203,7 @@ jobs:
184203
UpdateChangelogReleaseDatesAndPostNoticeOnPullRequest `
185204
-gitRepository ${env:GITHUB_REPOSITORY} `
186205
-pullRequestNumber ${env:ISSUE_NUMBER} `
187-
-botUserName ${env:BOT_USER_NAME} `
206+
-expectedPrAuthorUserName ${env:EXPECTED_PR_AUTHOR_USER_NAME} `
188207
-commentUserName ${env:COMMENT_USER_NAME} `
189208
-gitUserName ${env:BOT_USER_NAME} `
190209
-gitUserEmail ${env:BOT_USER_EMAIL}
@@ -198,27 +217,32 @@ jobs:
198217
github.event_name == 'issue_comment' &&
199218
github.event.issue.pull_request &&
200219
github.event.issue.state == 'open' &&
201-
github.event.comment.user.login != needs.automation.outputs.username &&
220+
github.event.comment.user.login != needs.automation.outputs.application-username &&
202221
contains(github.event.comment.body, '/UpdateReleaseNotes') &&
203222
startsWith(github.event.issue.title, '[release] Prepare release ') &&
204223
github.event.issue.pull_request.merged_at == null &&
205224
needs.automation.outputs.enabled
206225
207-
env:
208-
GH_TOKEN: ${{ secrets[needs.automation.outputs.token-secret-name] }}
209-
210226
steps:
227+
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
228+
id: otelbot-token
229+
with:
230+
app-id: ${{ vars.OTELBOT_DOTNET_APP_ID }}
231+
private-key: ${{ secrets.OTELBOT_DOTNET_PRIVATE_KEY }}
232+
211233
- name: Check out code
212234
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
213235
with:
214236
# Note: By default GitHub only fetches 1 commit which fails the git tag operation below
215237
fetch-depth: 0
216-
token: ${{ env.GH_TOKEN }}
238+
token: ${{ steps.otelbot-token.outputs.token }}
217239

218240
- name: Update release notes
219241
env:
242+
GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
220243
BOT_USER_EMAIL: ${{ needs.automation.outputs.email }}
221244
BOT_USER_NAME: ${{ needs.automation.outputs.username }}
245+
EXPECTED_PR_AUTHOR_USER_NAME: ${{ needs.automation.outputs.application-name }}
222246
COMMENT_BODY: ${{ github.event.comment.body }}
223247
COMMENT_USER_NAME: ${{ github.event.comment.user.login }}
224248
ISSUE_NUMBER: ${{ github.event.issue.number }}
@@ -229,7 +253,7 @@ jobs:
229253
UpdateReleaseNotesAndPostNoticeOnPullRequest `
230254
-gitRepository ${env:GITHUB_REPOSITORY} `
231255
-pullRequestNumber ${env:ISSUE_NUMBER} `
232-
-botUserName ${env:BOT_USER_NAME} `
256+
-expectedPrAuthorUserName ${env:EXPECTED_PR_AUTHOR_USER_NAME} `
233257
-commentUserName ${env:COMMENT_USER_NAME} `
234258
-commentBody $Env:COMMENT_BODY `
235259
-gitUserName ${env:BOT_USER_NAME} `

0 commit comments

Comments
 (0)