feature: support fetching github token from github app

ab180 · Jun 25, 2024 · 4fbdbdb · 4fbdbdb
1 parent eef6197
commit 4fbdbdb
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 3 deletions.
diff --git a/.github/workflows/gitflow.yml b/.github/workflows/gitflow.yml
@@ -53,9 +53,18 @@ on:
         default: 'changelog.md'
         required: false
     secrets:
-      TOKEN:
+      GITHUB_TOKEN:
         description: 'GitHub token (Default: GitHub Action token)'
         required: false
+      GITHUB_APP_ID:
+        description: 'GitHub app id for fetching GitHub token'
+        required: false
+      GITHUB_APP_PRIVATE_KEY:
+        description: 'GitHub app private key for fetching GitHub token'
+        required: false
+      GITHUB_APP_OWNER:
+        description: 'GitHub app owner for fetching GitHub token'
+        required: false
 
 env:
   MAIN_BRANCH: ${{ inputs.MAIN_BRANCH || 'main' }}
@@ -66,7 +75,10 @@ env:
   VERSION_EXPRESSION: ${{ inputs.VERSION_EXPRESSION || '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' }}
   VERSION_HEADER: ${{ inputs.VERSION_HEADER || '## ' }}
   CHANGELOG: ${{ inputs.CHANGELOG || 'changelog.md' }}
-  GITHUB_TOKEN: ${{ secrets.TOKEN || github.token }}
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN || github.token }}
+  GITHUB_APP_ID: ${{ secrets.GITHUB_APP_ID }}
+  GITHUB_APP_PRIVATE_KEY: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
+  GITHUB_APP_OWNER: ${{ secrets.GITHUB_APP_OWNER }}
   SOURCE_BRANCH: ${{ github.event.pull_request.head.ref }}
   SOURCE_COMMIT: ${{ github.event.pull_request.head.sha }}
   DESTINATION_BRANCH: ${{ github.event.pull_request.base.ref }}
@@ -76,6 +88,21 @@ jobs:
   gitflow:
     runs-on: ubuntu-latest
     steps:
+      - name: Fetching GitHub Token
+        id: fetching-github-token
+        if: ${{ env.GITHUB_APP_ID && env.GITHUB_APP_PRIVATE_KEY && env.GITHUB_APP_OWNER }}
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ env.GITHUB_APP_ID }}
+          private-key: ${{ env.GITHUB_APP_PRIVATE_KEY }}
+          owner: ${{ env.GITHUB_APP_OWNER }}
+
+      - name: Using GitHub Token
+        if: ${{ env.GITHUB_APP_ID && env.GITHUB_APP_PRIVATE_KEY && env.GITHUB_APP_OWNER }}
+        run: |
+          echo '::add-mask::${{ steps.fetching-github-token.outputs.token }}'
+          echo 'GITHUB_TOKEN=${{ steps.fetching-github-token.outputs.token }}' >> $GITHUB_ENV
+
       - name: Check branch
         id: check-branch
         run: |

diff --git a/changelog.md b/changelog.md
@@ -1,3 +1,7 @@
+## 2.2.0
+
+- feature: support fetching github token from github app
+
 ## 2.1.2
 
 - fix: solve issue that DEVELOP_BRANCH input is not used

diff --git a/readme.md b/readme.md
@@ -34,7 +34,10 @@ A implementation of workflows of GitHub Actions to support using gitflow on GitH
         #   VERSION_HEADER: ... # Default: '## '
         #   CHANGELOG: ... # Default: 'changelog.md'
         # secrets:
-        #   TOKEN: ... # Default: Github Action token
+        #   GITHUB_TOKEN: ... # Default: GitHub Action token
+        #   GITHUB_APP_ID: ... # Default: GitHub App ID for fetching GitHub token
+        #   GITHUB_APP_PRIVATE_KEY: ... # Default: GitHub App ID for fetching GitHub token
+        #   GITHUB_APP_OWNER: ... # Default: GitHub App ID for fetching GitHub token
     ```
 4. Set `Workflow permissions` as checking `Read and write permissions` and `Allow GitHub Actions to create and approve pull requests`.
 5. Do not check `Automatically delete head branches`.