Skip to content

adding auth token #2068

adding auth token

adding auth token #2068

Workflow file for this run

name: "Tag and release to production"
on:
pull_request:
types: [closed]
jobs:
tag-release:
runs-on: ubuntu-latest
if: github.event.pull_request.base.ref == 'main' && github.event.pull_request.merged && (contains(github.event.pull_request.title, '[AUTO-PR]') || contains(github.event.pull_request.title, '[MANIFEST]'))
steps:
# Generate a bot token that will be used for all workflow actions.
# This is required as the default repo GITHUB_TOKEN does not trigger new workflow runs.
- name: Obtain a Notify PR Bot GitHub App Installation Access Token
run: |
TOKEN="$(npx [email protected] ci ${{ secrets.PR_BOT_GITHUB_TOKEN }})"
echo "::add-mask::$TOKEN"
echo "GITHUB_TOKEN=$TOKEN" >> $GITHUB_ENV
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@d745f2e74aaf1ee82e747b181f7a0967978abee0 # v6.0
with:
github_token: ${{ env.GITHUB_TOKEN }}
release_branches: main
- name: Checkout main branch
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
token: ${{ env.GITHUB_TOKEN }}
- name: Get current Prod Version
run: |
CURRENT_VERSION=`cat VERSION`
echo "CURRENT_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV
- name: Update version file
env:
NEW_VERSION: ${{ steps.tag_version.outputs.new_tag }}
CURRENT_VERSION: ${{ env.CURRENT_VERSION }}
run: |
echo $NEW_VERSION > VERSION
- name: setup git config
run: |
git config user.name "Notify PR Bot"
git config user.email "[email protected]"
- name: Branch protection OFF
uses: octokit/[email protected]
with:
route: PUT /repos/:repository/branches/main/protection
repository: ${{ github.repository }}
required_status_checks: |
null
required_linear_history: |
null
enforce_admins: |
null
required_pull_request_reviews: |
null
restrictions: |
null
env:
GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
- name: commit
env:
NEW_VERSION: ${{ steps.tag_version.outputs.new_tag }}
CURRENT_VERSION: ${{ env.CURRENT_VERSION }}
run: |
git add VERSION
git commit -m "New release: ${CURRENT_VERSION} -> ${NEW_VERSION}"
git push origin main
- name: Branch protection ON
if: always()
uses: octokit/[email protected]
with:
route: PUT /repos/:repository/branches/main/protection
repository: ${{ github.repository }}
required_status_checks: |
strict: true
checks:
- context: testing_manifest
required_linear_history: |
true
enforce_admins: |
true
required_pull_request_reviews: |
required_approving_review_count: 1
restrictions: |
null
env:
GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}