From d34b40797eb97012e772b3abd7175021a1fad559 Mon Sep 17 00:00:00 2001 From: Opeyemi Date: Mon, 16 Sep 2024 16:36:53 +0100 Subject: [PATCH] [BRE-246] - Use GH-App for Version Bump Workflow (#10986) * Use GH-App for version bump workflow * update secret --- .github/workflows/version-bump.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index fc30996e85..71e7d3c10a 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -83,8 +83,7 @@ jobs: with: keyvault: "bitwarden-ci" secrets: "github-gpg-private-key, - github-gpg-private-key-passphrase, - github-pat-bitwarden-devops-bot-repo-scope" + github-gpg-private-key-passphrase" - name: Import GPG key uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 @@ -447,11 +446,19 @@ jobs: echo "$MESSAGE" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV + - name: Generate GH App token + uses: actions/create-github-app-token@3378cda945da322a8db4b193e19d46352ebe2de5 # v1.10.4 + id: app-token + with: + app-id: ${{ secrets.BW_GHAPP_ID }} + private-key: ${{ secrets.BW_GHAPP_KEY }} + owner: ${{ github.repository_owner }} + - name: Create Version PR if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} id: create-pr env: - GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} PR_BRANCH: ${{ steps.create-branch.outputs.name }} TITLE: "Bump client(s) version" run: | @@ -483,7 +490,7 @@ jobs: - name: Merge PR if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} env: - GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }} run: gh pr merge $PR_NUMBER --squash --auto --delete-branch