@@ -105,29 +105,28 @@ jobs:
105105 runs-on : ubuntu-latest
106106 name : Semantic release
107107 steps :
108+ - uses : actions/create-github-app-token@v2
109+ id : app-token
110+ with :
111+ app-id : ${{ secrets.ECOSPARK_APP_ID }}
112+ private-key : ${{ secrets.ECOSPARK_APP_PRIVATE_KEY }}
108113 - uses : actions/checkout@v4
109114 with :
110115 # Need to fetch entire commit history to
111116 # analyze every commit since last release
112117 fetch-depth : 0
118+ # Uses generated token to allow pushing commits back
119+ token : ${{ steps.app-token.outputs.token }}
120+ # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
121+ persist-credentials : false
113122 - uses : actions/setup-node@v4
114123 with :
115124 cache : npm
116125 node-version : lts/*
117126 - run : npm ci
118127 # Branches that will release new versions are defined in .releaserc.json
119128 - run : npx semantic-release
120- # Don't allow interrupting the release step if the job is cancelled, as it can lead to an inconsistent state
121- # e.g. git tags were pushed but it exited before `npm publish`
122- if : always()
123- env :
124- NPM_CONFIG_PROVENANCE : true
125- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
126- NPM_TOKEN : ${{ secrets.NPM_PUBLISH_TOKEN }}
127- # Re-run semantic release with rich logs if it failed to publish for easier debugging
128- - run : npx semantic-release --dry-run --debug
129- if : failure()
130129 env :
131130 NPM_CONFIG_PROVENANCE : true
132- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
131+ GITHUB_TOKEN : ${{ steps.app-token.outputs.token }}
133132 NPM_TOKEN : ${{ secrets.NPM_PUBLISH_TOKEN }}
0 commit comments