From 26b45fce93cf1c3ebf48f633b1a3efbbfa6a31e2 Mon Sep 17 00:00:00 2001 From: razzle Date: Fri, 8 Mar 2024 12:44:03 -0600 Subject: [PATCH] chore(release): update release workflow to use token from gh app (#2368) ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed Signed-off-by: razzle --- .github/workflows/release.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8e25be957b..d6783b569e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -172,6 +172,14 @@ jobs: echo ARCHIVER_VERSION=$(go list -f '{{.Version}}' -m github.com/mholt/archiver/v3) >> $GITHUB_ENV echo HELM_VERSION=$(go list -f '{{.Version}}' -m helm.sh/helm/v3) >> $GITHUB_ENV + - name: Get Brew tap repo token + id: brew-tap-token + uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 # v3.0.0 + with: + application_id: ${{ secrets.BREW_TAP_APP_ID }} + application_private_key: ${{ secrets.BREW_TAP_APP_KEY }} + organization: defenseunicorns + # Create the GitHub release notes, upload artifact backups to S3, publish homebrew recipe - name: Run GoReleaser uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 @@ -181,8 +189,7 @@ jobs: args: release --rm-dist --debug env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} - HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.ZARF_ORG_PROJECT_TOKEN }} - + HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.brew-tap-token.outputs.token }} - name: Save CVE report uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
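Review bot: The new `Get Brew tap repo token` step requests the installation token without a `permissions` input, so with `organization: defenseunicorns` the value passed to GoReleaser as `HOMEBREW_TAP_GITHUB_TOKEN` carries every permission the App was granted, on every repository in the org where the App is installed. Publishing the Homebrew formula presumably needs only write access to repository contents, so I would add `permissions: "contents:write"` under `with:` and confirm that the App is installed on the tap repository alone. The token is then consumed by a GoReleaser run started with `--debug`, so it is worth checking in a release log that the value appears masked. A short comment above the step, for example `# Short-lived GitHub App token for the Homebrew tap; replaces the ZARF_ORG_PROJECT_TOKEN secret`, would record why the step exists.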