From ede51a6ad4dd3d4cc29090c6973b89c17c5b13ff Mon Sep 17 00:00:00 2001 From: rmanaem Date: Tue, 5 Nov 2024 13:44:53 -0500 Subject: [PATCH] Step by step GH_TOEKN --- .../manual_label_population_to_repos.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/.github/workflows/manual_label_population_to_repos.yml b/.github/workflows/manual_label_population_to_repos.yml index bc556fd..2244732 100644 --- a/.github/workflows/manual_label_population_to_repos.yml +++ b/.github/workflows/manual_label_population_to_repos.yml @@ -41,9 +41,11 @@ jobs: sync_labels: name: Process all the labels runs-on: ubuntu-latest + permissions: + contents: write + issues: write + needs: get_labels - env: - GH_TOKEN: ${{ secrets.LAB_PAT }} strategy: # Note: we cannot make a matrix for the label AND repo at once, # because the total number of jobs will exceed the maximum allowed by GitHub. @@ -52,7 +54,19 @@ jobs: matrix: label: ${{fromJSON(needs.get_labels.outputs.labels)}} steps: + - name: Generate a token + id: generate-token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.NB_BOT_ID }} + private-key: ${{ secrets.NB_BOT_KEY }} + + - name: Set GH_TOKEN + run: echo "GH_TOKEN=${{ steps.generate-token.outputs.token }}" >> $GITHUB_ENV + - name: read label details + env: + GH_TOKEN: ${{ steps.generate-token.outputs.token }} id: read_label run: | # TODO replace hardcoded owner and repo with variables. But note that GITHUB_REPOSITORY @@ -93,6 +107,7 @@ jobs: - name: sync label env: MAX_REPO: 100 + GH_TOKEN: ${{ steps.generate-token.outputs.token }} run: | for repo in $(gh repo list $GITHUB_REPOSITORY_OWNER --no-archived -L ${MAX_REPO} --json owner,name --jq '.[] | "\(.owner.login)/\(.name)"'); do