From 46e31442e37029f21760eb21ee4ba48fdae9efc9 Mon Sep 17 00:00:00 2001 From: LitoMore Date: Mon, 8 Apr 2024 08:48:32 +0800 Subject: [PATCH] Use bot token for releases --- .github/workflows/auto-release.yml | 14 ++++++++------ .github/workflows/publish.yml | 19 ++++++++++--------- .github/workflows/verify.yml | 22 ++++++++++++---------- 3 files changed, 30 insertions(+), 25 deletions(-) diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index 881f5ce6..c6e9e59d 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml @@ -1,9 +1,6 @@ name: Automated Releases on: workflow_dispatch -permissions: - contents: write - # This Workflow is triggered through the GitHub API: # curl -X Post \ # -H "Authorization: Bearer " \ @@ -16,6 +13,11 @@ jobs: name: Automated release runs-on: ubuntu-latest steps: + - uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ vars.BOT_APP_ID }} + private-key: ${{ secrets.BOT_PRIVATE_KEY }} - name: Checkout uses: actions/checkout@v4 with: @@ -35,8 +37,8 @@ jobs: - name: Commit updates run: | # Set up git credential - git config --global user.email "github-actions[bot]@users.noreply.github.com" - git config --global user.name "github-actions[bot]" + git config --global user.email "simple-icons[bot]@users.noreply.github.com" + git config --global user.name "simple-icons[bot]" # Create a commit for the simple-icons dependency update git add . @@ -45,7 +47,7 @@ jobs: run: | # Set up remote using a Personal Access Token git remote remove origin - git remote add origin https://${{secrets.RELEASE_TOKEN}}@github.com/simple-icons/simple-icons-website.git + git remote add origin https://${{ steps.app-token.outputs.token }}@github.com/simple-icons/simple-icons-website.git # Push updates to origin git push origin master diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7061de38..0498225a 100644 --- a/.github/workflows/publish.yml 
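Review bot: Deleting the top-level `permissions:` block in the first hunk of auto-release.yml leaves the job's built-in `GITHUB_TOKEN` at whatever the repository or organisation default is, which may be broader than the `contents: write` that was declared before. Since writes now go through the app token, the block should be tightened rather than removed, e.g. `permissions:` with `contents: read` beneath it. The same removal appears in the first hunks of publish.yml and verify.yml. verify.yml runs on `pull_request`, so its previous `contents: read` should simply stay as it was.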
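Review bot: The added `actions/create-github-app-token@v1` step hands `secrets.BOT_PRIVATE_KEY` to an action referenced by a mutable tag; pin it to a full commit SHA, e.g. `uses: actions/create-github-app-token@<full-commit-sha> # v1` (placeholder; take the SHA from the release you reviewed). The same step is added in publish.yml and verify.yml, and in publish.yml the minted token is then passed to `JamesIves/github-pages-deploy-action@v4`, which is also referenced by tag. The step has no `name:`, unlike its neighbours; `name: Generate bot token` would keep the run log readable. The `steps:` list continues outside this hunk.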
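Review bot: The new `git remote add origin https://${{ steps.app-token.outputs.token }}@github.com/...` line expands the token directly into the script text and writes it into `.git/config` for the rest of the job, and the comment above it still says "Personal Access Token". Pass the value through the step's `env:` (`BOT_TOKEN: ${{ steps.app-token.outputs.token }}`) and use `"$BOT_TOKEN"` in the URL, and reword the comment to `# Set up remote using the GitHub App installation token`. If the Checkout step can take the token through its `token:` input, the remote rewrite may not be needed at all; that step's `with:` inputs lie outside the hunks, so this can't be confirmed from here.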
+++ b/.github/workflows/publish.yml @@ -3,14 +3,16 @@ on: push: branches: [master] -permissions: - contents: write - jobs: publish-website: runs-on: ubuntu-latest name: Publish Website steps: + - uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ vars.BOT_APP_ID }} + private-key: ${{ secrets.BOT_PRIVATE_KEY }} - name: Checkout uses: actions/checkout@v4 with: @@ -20,14 +22,14 @@ jobs: with: node-version: 20.x - name: Cache dependencies - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- - name: Cache build - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: .cache/webpack key: ${{ runner.os }}-build-${{ hashFiles('**/package-lock.json') }} @@ -37,13 +39,12 @@ jobs: run: npm ci - name: Build Website run: npm run build - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Deploy uses: JamesIves/github-pages-deploy-action@v4 with: + token: ${{ steps.app-token.outputs.token }} branch: gh-pages folder: _site single-commit: true - git-config-name: github-actions[bot] - git-config-email: github-actions[bot]@users.noreply.github.com + git-config-name: simple-icons[bot] + git-config-email: simple-icons[bot]@users.noreply.github.com diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 1fd42fe5..755405c9 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -5,9 +5,6 @@ on: - master pull_request: -permissions: - contents: read - jobs: build: name: Build website 
@@ -20,14 +17,14 @@ jobs: with: node-version: 20.x - name: Cache dependencies - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- - name: Cache build - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: .cache/webpack key: ${{ runner.os }}-build-${{ hashFiles('**/package-lock.json') }} @@ -48,7 +45,7 @@ jobs: with: node-version: 20.x - name: Cache dependencies - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} @@ -63,6 +60,11 @@ jobs: needs: [build] runs-on: ubuntu-latest steps: + - uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ vars.BOT_APP_ID }} + private-key: ${{ secrets.BOT_PRIVATE_KEY }} - name: Checkout uses: actions/checkout@v4 - name: Use Node.js 20.x @@ -70,21 +72,21 @@ jobs: with: node-version: 20.x - name: Cache dependencies - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- - name: Cache build - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: .cache/webpack key: ${{ runner.os }}-build-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-build- - name: Cache Jest - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: .cache/jest key: ${{ runner.os }}-jest-${{ hashFiles('package-lock.json') }}-${{ github.run_number }} @@ -98,7 +100,7 @@ jobs: - name: Run end-to-end tests run: npm run test:e2e -- --runInBand env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} - name: Upload test screenshots uses: actions/upload-artifact@v4 with:
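Review bot: The token step added in the `@@ -63,6 +60,11 @@` hunk sits in a workflow that triggers on `pull_request`, where secrets are not provided to runs from forks, so `private-key` will be empty and the step will presumably fail on outside contributors' PRs. For same-repository PRs the concern is the opposite: the last hunk of this file sets `GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}` for `npm run test:e2e`. That gives test code the app credential the release workflows use to push, where it previously received the default token limited to `contents: read`. Unless the tests need something the default token cannot do, keep `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` there and drop this step from verify.yml. The job's header lies outside the hunk.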