From 16ef6a241eefbe9e7db4c099ce8b4771df0d914b Mon Sep 17 00:00:00 2001 From: budougumi0617 Date: Wed, 18 Sep 2024 13:41:01 +0900 Subject: [PATCH] ci: generate token by GitHub App --- .github/workflows/tag-and-release.yml | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/.github/workflows/tag-and-release.yml b/.github/workflows/tag-and-release.yml index 58c8d22..6aa79f4 100644 --- a/.github/workflows/tag-and-release.yml +++ b/.github/workflows/tag-and-release.yml @@ -9,28 +9,38 @@ jobs: runs-on: ubuntu-latest outputs: tagpr-tag: ${{ steps.run-tagpr.outputs.tag }} - env: - GITHUB_TOKEN: ${{ secrets.GH_PAT }} steps: + - uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.PRIVATE_KEY }} - name: Check out source code uses: actions/checkout@v4 - - name: Set up Go - uses: actions/setup-go@v5 with: - go-version-file: go.mod - cache: true + token: ${{ steps.app-token.outputs.token }} - id: run-tagpr name: Run tagpr uses: Songmu/tagpr@v1 + env: + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} goreleaser: needs: tagpr if: needs.tagpr.outputs.tagpr-tag != '' runs-on: ubuntu-latest steps: + - uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.PRIVATE_KEY }} + owner: "budougumi0617" + repositories: "homebrew-tap" - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 + token: ${{ steps.app-token.outputs.token }} - name: Set up Go uses: actions/setup-go@v5 with: @@ -46,4 +56,4 @@ jobs: args: release --clean env: # need to access other repository for brew-tap - GITHUB_TOKEN: ${{ secrets.GH_PAT }} + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}