@@ -3,6 +3,10 @@ name: 'Josh Subtree Sync'
33on :
44 workflow_call :
55 inputs :
6+ github-app-id :
7+ description : ' ID of a GitHub app that will create the sync PR'
8+ required : true
9+ type : string
610 branch-name :
711 description : ' Name of the branch to create for the sync'
812 required : false
2731 required : false
2832 type : string
2933 secrets :
30- token :
31- description : ' GITHUB_TOKEN from the caller workflow '
34+ github-app-secret :
35+ description : ' Secret for a GitHub app that will create the sync PR '
3236 required : true
3337 zulip-api-token :
3438 description : ' Zulip API token for authentication'
8185
8286 exit ${exitcode}
8387
88+ - uses : actions/create-github-app-token@v2
89+ id : app-token
90+ with :
91+ app-id : ${{ inputs.github-app-id }}
92+ private-key : ${{ secrets.github-app-secret }}
93+
8494 - name : Push changes to a branch
8595 if : ${{ steps.josh-sync.outputs.pull_result == 'pull-finished' }}
8696 run : |
92102 id : update-pr
93103 if : ${{ steps.josh-sync.outputs.pull_result == 'pull-finished' }}
94104 env :
95- GITHUB_TOKEN : ${{ secrets .token }}
105+ GITHUB_TOKEN : ${{ steps.app-token.outputs .token }}
96106 run : |
97107 # Check if an open pull request already exists
98108 RESULT=`gh pr list --author github-actions[bot] --state open -q 'map(select(.title=="Rustc pull update")) | length' --json title`
@@ -114,10 +124,16 @@ jobs:
114124 steps :
115125 - uses : actions/checkout@v4
116126
127+ - uses : actions/create-github-app-token@v2
128+ id : app-token
129+ with :
130+ app-id : ${{ inputs.github-app-id }}
131+ private-key : ${{ secrets.github-app-secret }}
132+
117133 - name : Compute message
118134 id : create-message
119135 env :
120- GITHUB_TOKEN : ${{ secrets .token }}
136+ GITHUB_TOKEN : ${{ steps.app-token.outputs .token }}
121137 run : |
122138 if [ "${{ needs.perform-pull.result }}" == "failure" ]; then
123139 WORKFLOW_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
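Review bot: The existing-PR check in the `update-pr` step still filters on `--author github-actions[bot]`, but `GITHUB_TOKEN` in that step now comes from `steps.app-token.outputs.token`. A PR opened with that token would be authored by the app's bot account, so this query would stop matching it. If the PR is created further down in the same `run` body (it continues past the visible lines), the filter should name the app identity instead, e.g. `--author "<app-slug>[bot]"` with the slug as a placeholder for the real app name. Separately, both added `actions/create-github-app-token@v2` steps pass the app private key to an action referenced by a movable tag. Pinning it to a full commit SHA, `uses: actions/create-github-app-token@<full-commit-sha> # v2`, would keep a retagged release from receiving that key.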