
Commit a6b2eea

committed
feat(ci): migrate deploy pipeline over to no PATs
Signed-off-by: Sven Kanoldt <sven@d34dl0ck.me>
1 parent 3ad6896 commit a6b2eea


1 file changed

+31
-2
lines changed


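--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -53,6 +53,21 @@ jobs:
 runs-on: macos-latest
 if: (github.event_name == 'push' && contains(github.event.ref, 'refs/tags/v')) || (github.event_name == 'workflow_dispatch' && ${{ github.event.inputs.do-homebrew }})
 steps:
+- uses: actions/create-github-app-token@v1
+id: app-token
+with:
+app-id: 1178949
+private-key: ${{ secrets.PRIVATE_KEY_5422M4N_BOT }}
+
+- name: Get GitHub App User ID
+id: get-user-id
+run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+env:
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
+- run: |
+git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
+git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'
+
 - name: Get version from tag
 if: github.event_name == 'push' && contains(github.event.ref, 'refs/tags/v')
 run: echo RELEASE_VERSION=${GITHUB_REF#refs/tags/v} >> $GITHUB_ENV
@@ -68,14 +83,28 @@ jobs:
 version: ${{ env.RELEASE_VERSION }}
 
 env:
-COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }}
+COMMITTER_TOKEN: ${{ steps.app-token.outputs.token }}
 
 release:
 name: post / github release
 needs: [doing-a-build]
 runs-on: ubuntu-latest
 if: (github.event_name == 'push' && contains(github.event.ref, 'refs/tags/v')) || (github.event_name == 'workflow_dispatch') && ${{ github.event.inputs.do-github-release }})
 steps:
+- uses: actions/create-github-app-token@v1
+id: app-token
+with:
+app-id: 1178949
+private-key: ${{ secrets.PRIVATE_KEY_5422M4N_BOT }}
+
+- name: Get GitHub App User ID
+id: get-user-id
+run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+env:
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
+- run: |
+git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
+git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'
 - uses: actions/checkout@v4
 - name: setup | rust
 uses: dtolnay/rust-toolchain@stable
@@ -102,7 +131,7 @@ jobs:
 id: create_release
 uses: actions/create-release@v1
 env:
-GITHUB_TOKEN: ${{ secrets.COMMITTER_TOKEN }}
+GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
 with:
 # This pulls from the "Get Changelog Entry" step above, referencing it's ID to get its outputs object.
 # See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps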
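Review bot: Both new `actions/create-github-app-token@v1` steps (the first hunk's job and the `release` job) are handed `secrets.PRIVATE_KEY_5422M4N_BOT` yet reference the action by a movable major tag; pinning to a full commit SHA, `uses: actions/create-github-app-token@<full-commit-sha> # v1`, keeps a re-pointed tag from running with the App's private key. Neither step sets `owner` or `repositories`, and as far as I know the action then scopes the token to the current repository only, so if the step that reads `COMMITTER_TOKEN` (it starts outside the second hunk) writes to a separate tap repository, it needs an explicit `repositories:` list naming just that repository. The `${{ steps.app-token.outputs.app-slug }}` and `user-id` expansions are pasted straight into the `run:` scripts; passing them via `env:` and using `"$APP_SLUG"` in the shell avoids expression injection into the script text. The `release` job only needs the `git config` identity step if a later step commits, which the visible lines do not show.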
