|
9 | 9 | check-motoko: |
10 | 10 | name: Check caffeinelabs/motoko |
11 | 11 | runs-on: ubuntu-latest |
12 | | - permissions: |
13 | | - contents: write |
14 | | - pull-requests: write |
15 | 12 |
|
16 | 13 | steps: |
17 | 14 | - uses: actions/checkout@v4 |
18 | 15 |
|
| 16 | + - name: Create GitHub App Token |
| 17 | + uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3 |
| 18 | + id: app-token |
| 19 | + with: |
| 20 | + app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }} |
| 21 | + private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }} |
| 22 | + |
19 | 23 | - name: Get latest motoko release tag |
20 | 24 | id: latest |
21 | 25 | run: | |
22 | 26 | TAG=$(gh release view --repo caffeinelabs/motoko --json tagName -q .tagName) |
23 | 27 | echo "tag=$TAG" >> $GITHUB_OUTPUT |
24 | 28 | env: |
25 | | - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 29 | + GH_TOKEN: ${{ steps.app-token.outputs.token }} |
26 | 30 |
|
27 | 31 | - name: Get current pinned tag |
28 | 32 | id: current |
@@ -54,18 +58,20 @@ jobs: |
54 | 58 | run: | |
55 | 59 | TAG="${{ steps.latest.outputs.tag }}" |
56 | 60 | RESULT=$(curl -sf "https://api.github.com/repos/caffeinelabs/motoko/git/ref/tags/${TAG}" \ |
57 | | - -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" | \ |
| 61 | + -H "Authorization: Bearer $GH_TOKEN" | \ |
58 | 62 | python3 -c "import sys,json; d=json.load(sys.stdin); print(d['object']['sha'], d['object']['type'])") |
59 | 63 | OBJ_SHA=$(echo "$RESULT" | awk '{print $1}') |
60 | 64 | OBJ_TYPE=$(echo "$RESULT" | awk '{print $2}') |
61 | 65 | if [ "$OBJ_TYPE" = "tag" ]; then |
62 | 66 | COMMIT=$(curl -sf "https://api.github.com/repos/caffeinelabs/motoko/git/tags/${OBJ_SHA}" \ |
63 | | - -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" | \ |
| 67 | + -H "Authorization: Bearer $GH_TOKEN" | \ |
64 | 68 | python3 -c "import sys,json; print(json.load(sys.stdin)['object']['sha'])") |
65 | 69 | else |
66 | 70 | COMMIT="$OBJ_SHA" |
67 | 71 | fi |
68 | 72 | echo "commit=$COMMIT" >> $GITHUB_OUTPUT |
| 73 | + env: |
| 74 | + GH_TOKEN: ${{ steps.app-token.outputs.token }} |
69 | 75 |
|
70 | 76 | - name: Fetch upstream files and build diff |
71 | 77 | if: steps.check.outputs.needed == 'true' |
@@ -116,39 +122,42 @@ jobs: |
116 | 122 | fi |
117 | 123 | done |
118 | 124 |
|
119 | | -
|
120 | 125 | - name: Create sync PR |
121 | 126 | if: steps.check.outputs.needed == 'true' |
122 | 127 | run: | |
123 | 128 | BRANCH="${{ steps.check.outputs.branch }}" |
124 | | - git config user.name "github-actions[bot]" |
125 | | - git config user.email "github-actions[bot]@users.noreply.github.com" |
| 129 | + git config user.name "pr-automation-bot-public[bot]" |
| 130 | + git config user.email "pr-automation-bot-public[bot]@users.noreply.github.com" |
126 | 131 | git checkout -b "$BRANCH" |
127 | 132 | git commit --allow-empty -m "chore: upstream sync check — caffeinelabs/motoko ${{ steps.latest.outputs.tag }}" |
128 | 133 | git push -u origin "$BRANCH" |
129 | 134 | gh pr create \ |
130 | 135 | --title "chore: sync check — caffeinelabs/motoko ${{ steps.latest.outputs.tag }}" \ |
131 | 136 | --body-file /tmp/pr-body.md |
132 | 137 | env: |
133 | | - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 138 | + GH_TOKEN: ${{ steps.app-token.outputs.token }} |
134 | 139 |
|
135 | 140 | check-mops: |
136 | 141 | name: Check caffeinelabs/mops |
137 | 142 | runs-on: ubuntu-latest |
138 | | - permissions: |
139 | | - contents: write |
140 | | - pull-requests: write |
141 | 143 |
|
142 | 144 | steps: |
143 | 145 | - uses: actions/checkout@v4 |
144 | 146 |
|
| 147 | + - name: Create GitHub App Token |
| 148 | + uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3 |
| 149 | + id: app-token |
| 150 | + with: |
| 151 | + app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }} |
| 152 | + private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }} |
| 153 | + |
145 | 154 | - name: Get latest mops release tag |
146 | 155 | id: latest |
147 | 156 | run: | |
148 | 157 | TAG=$(gh release list --repo caffeinelabs/mops --limit 100 --json tagName --jq '[.[] | select(.tagName | startswith("cli-"))] | first | .tagName') |
149 | 158 | echo "tag=$TAG" >> $GITHUB_OUTPUT |
150 | 159 | env: |
151 | | - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 160 | + GH_TOKEN: ${{ steps.app-token.outputs.token }} |
152 | 161 |
|
153 | 162 | - name: Get current pinned tag |
154 | 163 | id: current |
@@ -180,18 +189,20 @@ jobs: |
180 | 189 | run: | |
181 | 190 | TAG="${{ steps.latest.outputs.tag }}" |
182 | 191 | RESULT=$(curl -sf "https://api.github.com/repos/caffeinelabs/mops/git/ref/tags/${TAG}" \ |
183 | | - -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" | \ |
| 192 | + -H "Authorization: Bearer $GH_TOKEN" | \ |
184 | 193 | python3 -c "import sys,json; d=json.load(sys.stdin); print(d['object']['sha'], d['object']['type'])") |
185 | 194 | OBJ_SHA=$(echo "$RESULT" | awk '{print $1}') |
186 | 195 | OBJ_TYPE=$(echo "$RESULT" | awk '{print $2}') |
187 | 196 | if [ "$OBJ_TYPE" = "tag" ]; then |
188 | 197 | COMMIT=$(curl -sf "https://api.github.com/repos/caffeinelabs/mops/git/tags/${OBJ_SHA}" \ |
189 | | - -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" | \ |
| 198 | + -H "Authorization: Bearer $GH_TOKEN" | \ |
190 | 199 | python3 -c "import sys,json; print(json.load(sys.stdin)['object']['sha'])") |
191 | 200 | else |
192 | 201 | COMMIT="$OBJ_SHA" |
193 | 202 | fi |
194 | 203 | echo "commit=$COMMIT" >> $GITHUB_OUTPUT |
| 204 | + env: |
| 205 | + GH_TOKEN: ${{ steps.app-token.outputs.token }} |
195 | 206 |
|
196 | 207 | - name: Fetch upstream file and build diff |
197 | 208 | if: steps.check.outputs.needed == 'true' |
@@ -234,13 +245,13 @@ jobs: |
234 | 245 | if: steps.check.outputs.needed == 'true' |
235 | 246 | run: | |
236 | 247 | BRANCH="${{ steps.check.outputs.branch }}" |
237 | | - git config user.name "github-actions[bot]" |
238 | | - git config user.email "github-actions[bot]@users.noreply.github.com" |
| 248 | + git config user.name "pr-automation-bot-public[bot]" |
| 249 | + git config user.email "pr-automation-bot-public[bot]@users.noreply.github.com" |
239 | 250 | git checkout -b "$BRANCH" |
240 | 251 | git commit --allow-empty -m "chore: upstream sync check — caffeinelabs/mops ${{ steps.latest.outputs.tag }}" |
241 | 252 | git push -u origin "$BRANCH" |
242 | 253 | gh pr create \ |
243 | 254 | --title "chore: sync check — caffeinelabs/mops ${{ steps.latest.outputs.tag }}" \ |
244 | 255 | --body-file /tmp/pr-body.md |
245 | 256 | env: |
246 | | - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 257 | + GH_TOKEN: ${{ steps.app-token.outputs.token }} |
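Review bot: The `git push -u origin "$BRANCH"` in both "Create sync PR" steps does not appear to use the new App token: `actions/checkout@v4` runs before "Create GitHub App Token" with no `token:` input, so the credential it persists for git is still the default `GITHUB_TOKEN`, and `GH_TOKEN` is only read by `gh` (unless a step outside the visible hunks reconfigures the remote). Because the job-level `permissions:` blocks are removed from `check-motoko` and `check-mops`, that token's scope now falls back to the workflow or repository default, which is not visible here, so the push either fails under a read-only default or runs with a broader token than the two scopes it had before. Consider moving the token step ahead of checkout and passing `token: ${{ steps.app-token.outputs.token }}` to it, while keeping an explicit `permissions:` with `contents: read` on each job. Separately, `${{ steps.latest.outputs.tag }}` is still expanded directly into the `run:` scripts that now hold the App token; the upstream tag name is better passed through `env:` and read as a shell variable, the way this commit already does for the token.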