Merge pull request #47 from fingerprintjs/get-gh-token-from-app
Add to release workflow ability to get GH token from GH app INTER-561 INTER-552
ilfa authored Mar 12, 2024
2 parents ec0c036 + 9582d87 commit 1eddd53
Showing 8 changed files with 69 additions and 39 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/analyze-commits.yml
Expand Up @@ -38,7 +38,7 @@ jobs:
fi
- if: ${{ env.PACKAGE_MANAGER == 'pnpm' }}
name: 'Install pnpm'
uses: pnpm/action-setup@ebcfd6995dade4b0104ac774445cef8b3b4635b0
uses: pnpm/action-setup@129abb77bf5884e578fcaf1f37628e41622cc371
with:
version: 8
- name: 'Install latest node version'
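Review bot: The new `pnpm/action-setup@129abb77bf5884e578fcaf1f37628e41622cc371` pin gives no indication of which release the SHA belongs to, so a reviewer cannot tell from the diff whether it is a tagged release or an arbitrary commit. Add a trailing comment with the release tag on each `uses:` line; the same applies to every other SHA updated in this commit.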
Expand All @@ -61,7 +61,7 @@ jobs:
echo "EOF" >> $GITHUB_OUTPUT
shell: bash
- if: ${{ failure() && steps.commitlint.outcome == 'failure' }}
uses: marocchino/sticky-pull-request-comment@3d60a5b2dae89d44e0c6ddc69dd7536aec2071cd
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31
with:
header: Commitlint
recreate: true
Expand All @@ -81,7 +81,7 @@ jobs:
### Commitlint Errors
${{ steps.commitlint_formatted_results.outputs.formatted }}
- if: ${{ success() }}
uses: marocchino/sticky-pull-request-comment@3d60a5b2dae89d44e0c6ddc69dd7536aec2071cd
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31
with:
header: Commitlint
hide: true
Expand All @@ -104,7 +104,7 @@ jobs:
uses: fingerprintjs/action-semantic-release-info@v1
- if: ${{ steps.semantic_release_info.outputs.no_release == 'false' }}
name: Add comment to the PR
uses: marocchino/sticky-pull-request-comment@3d60a5b2dae89d44e0c6ddc69dd7536aec2071cd
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31
with:
header: ReleasePreview
recreate: true
Expand All @@ -114,7 +114,7 @@ jobs:
${{steps.semantic_release_info.outputs.notes}}
- if: ${{ steps.semantic_release_info.outputs.no_release == 'true' }}
name: Add comment to the PR
uses: marocchino/sticky-pull-request-comment@3d60a5b2dae89d44e0c6ddc69dd7536aec2071cd
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31
with:
header: ReleasePreview
recreate: true
2 changes: 1 addition & 1 deletion .github/workflows/build-typescript-project.yml
Expand Up @@ -52,7 +52,7 @@ jobs:
- if: ${{ env.PACKAGE_MANAGER == 'pnpm' }}
name: 'Install pnpm'
uses: pnpm/action-setup@ebcfd6995dade4b0104ac774445cef8b3b4635b0
uses: pnpm/action-setup@129abb77bf5884e578fcaf1f37628e41622cc371
with:
version: 8

6 changes: 3 additions & 3 deletions .github/workflows/coverage-diff.yml
Expand Up @@ -37,7 +37,7 @@ jobs:
- if: ${{ env.PACKAGE_MANAGER == 'pnpm' }}
name: 'Install pnpm'
uses: pnpm/action-setup@ebcfd6995dade4b0104ac774445cef8b3b4635b0
uses: pnpm/action-setup@129abb77bf5884e578fcaf1f37628e41622cc371
with:
version: 8

Expand Down Expand Up @@ -66,14 +66,14 @@ jobs:

- name: Jest coverage comment
id: coverage
uses: ArtiomTr/jest-coverage-report-action@df2b025553c31d68f84be6337843e277e2576844
uses: ArtiomTr/jest-coverage-report-action@c026e98ae079f4b0b027252c8e957f5ebd420610
with:
package-manager: ${{ env.PACKAGE_MANAGER }}
output: report-markdown
test-script: ${{ inputs.testScript }}

- name: Add comment with coverage report
uses: marocchino/sticky-pull-request-comment@adca94abcaf73c10466a71cc83ae561fd66d1a56
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31
with:
message: |
${{ steps.coverage.outputs.report }}
6 changes: 3 additions & 3 deletions .github/workflows/docs-and-coverage.yml
Expand Up @@ -45,7 +45,7 @@ jobs:
- if: ${{ env.PACKAGE_MANAGER == 'pnpm' }}
name: 'Install pnpm'
uses: pnpm/action-setup@ebcfd6995dade4b0104ac774445cef8b3b4635b0
uses: pnpm/action-setup@129abb77bf5884e578fcaf1f37628e41622cc371
with:
version: 8

Expand Down Expand Up @@ -73,7 +73,7 @@ jobs:
run: $PACKAGE_MANAGER test:coverage

- name: Create Coverage Badges
uses: jaywcjlove/coverage-badges-cli@e07f25709cd25486855c1ba1b26da53576ff3620
uses: jaywcjlove/coverage-badges-cli@df58615045079f1c827de7867044bbab3ec22b43
with:
source: coverage/coverage-summary.json
output: coverage/lcov-report/badges.svg
Expand All @@ -84,7 +84,7 @@ jobs:
${{ inputs.prepare-gh-pages-commands }}
- name: Deploy 🚀
uses: JamesIves/github-pages-deploy-action@8817a56e5bfec6e2b08345c81f4d422db53a2cdc
uses: JamesIves/github-pages-deploy-action@65b5dfd4f5bcd3a7403bbc2959c144256167464e
with:
branch: gh-pages
folder: gh-pages
2 changes: 1 addition & 1 deletion .github/workflows/release-dx-packages.yml
Expand Up @@ -17,7 +17,7 @@ jobs:
uses: actions/checkout@v4

- name: Install pnpm
uses: pnpm/action-setup@ebcfd6995dade4b0104ac774445cef8b3b4635b0
uses: pnpm/action-setup@129abb77bf5884e578fcaf1f37628e41622cc371
with:
version: 8
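Review bot: `actions/checkout@v4` in the context line above the pnpm step is referenced by a mutable tag, while `pnpm/action-setup` in the same job is pinned to a full commit SHA. Since this is a release workflow, pin `actions/checkout` to a commit SHA as well so the pinning policy is uniform across the job.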

9 changes: 8 additions & 1 deletion .github/workflows/release-server-sdk.yml
Expand Up @@ -23,10 +23,17 @@ on:
description: 'Additional plugins to install for the semantic-release action.'
required: false
type: string
appId:
type: string
required: false
description: 'GitHub app id for release process.'
secrets:
GH_RELEASE_TOKEN:
description: 'GitHub token with permissions to create releases and perform other necessary operations.'
required: true
APP_PRIVATE_KEY:
description: 'GitHub App token to request GitHub token.'
required: false
PYPI_TOKEN:
description: 'PyPI token used for publishing Python packages. Required only for Python projects.'
required: false
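Review bot: `appId` and `APP_PRIVATE_KEY` are declared here but nothing in this file consumes them: the file's 8 additions are these seven lines plus the `semantic-release-action` pin, so there is no `actions/create-github-app-token` step and `GH_RELEASE_TOKEN` stays `required: true`. Either add the token step and the `GITHUB_TOKEN` fallback as in `release-typescript-project.yml`, or drop the new input and secret until they are wired up. The `APP_PRIVATE_KEY` description also says 'GitHub App token', but the value is the App's private key.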
Expand Down Expand Up @@ -89,7 +96,7 @@ jobs:
run: ${{ inputs.prepare-command }}

- name: 'Semantic Release'
uses: cycjimmy/semantic-release-action@91ab76a4a393a8d0c4739e9aea1818b56bc953ea
uses: cycjimmy/semantic-release-action@61680d0e9b02ff86f5648ade99e01be17f0260a4
with:
extra_plugins: |
@semantic-release/[email protected]
29 changes: 23 additions & 6 deletions .github/workflows/release-typescript-project.yml
Expand Up @@ -10,15 +10,24 @@ on:
runAfterInstall:
type: string
required: false
description: Commands to run after installing dependencies.
description: 'Commands to run after installing dependencies'
distFolderNeedForRelease:
type: boolean
required: false
description: Flag that we need `dist` folder to start release process
description: 'Flag that we need `dist` folder to start release process'
appId:
type: string
required: false
description: 'GitHub app id for release process'
secrets:
GH_RELEASE_TOKEN:
required: true
description: 'GitHub token with permissions to create releases and perform other necessary operations'
required: false
APP_PRIVATE_KEY:
description: 'GitHub App token to request GitHub token'
required: false
NPM_AUTH_TOKEN:
description: 'NPM authentication token for publishing packages'
required: false

jobs:
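Review bot: With `GH_RELEASE_TOKEN` changed to `required: false` and `APP_PRIVATE_KEY` also optional, a caller can now pass neither, and the job runs all the way to the Semantic Release step before it receives an empty `GITHUB_TOKEN`. Add an early step that fails with a clear message when both `inputs.appId` and `GH_RELEASE_TOKEN` are empty. The `APP_PRIVATE_KEY` description should say 'private key' rather than 'GitHub App token', matching the README.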
Expand Down Expand Up @@ -54,7 +63,7 @@ jobs:
- if: ${{ env.PACKAGE_MANAGER == 'pnpm' }}
name: 'Install pnpm'
uses: pnpm/action-setup@ebcfd6995dade4b0104ac774445cef8b3b4635b0
uses: pnpm/action-setup@129abb77bf5884e578fcaf1f37628e41622cc371
with:
version: 8

Expand All @@ -80,14 +89,22 @@ jobs:
run: ${{ inputs.runAfterInstall }}
if: ${{ inputs.runAfterInstall != '' }}

- name: 'Get token for the GitHub App'
if: ${{ inputs.appId != '' }}
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c
id: app-token
with:
app-id: ${{ inputs.appId }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}

- name: 'Semantic Release'
uses: cycjimmy/semantic-release-action@91ab76a4a393a8d0c4739e9aea1818b56bc953ea
uses: cycjimmy/semantic-release-action@61680d0e9b02ff86f5648ade99e01be17f0260a4
with:
extra_plugins: |
@semantic-release/[email protected]
[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GH_RELEASE_TOKEN }}
GITHUB_TOKEN: ${{ inputs.appId != '' && steps.app-token.outputs.token || secrets.GH_RELEASE_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
HUSKY: 0
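Review bot: In the `GITHUB_TOKEN` expression, `inputs.appId != '' && steps.app-token.outputs.token || secrets.GH_RELEASE_TOKEN` also evaluates to `secrets.GH_RELEASE_TOKEN` when `appId` is set but the `app-token` output is empty, so a misconfigured App path silently falls back to the stored token. If the App token is meant to replace `GH_RELEASE_TOKEN`, fail when `appId` is set and no token was produced instead of falling through. It is also worth documenting which App permissions the release needs, since the issued token carries whatever the App installation grants.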

44 changes: 25 additions & 19 deletions README.md
Expand Up @@ -248,10 +248,11 @@ a semantic release.

The workflow expects the following secrets to be provided:

| Secret Name | Description |
|--------------------|--------------------------------------------------|
| `GH_RELEASE_TOKEN` | GitHub token for creating releases |
| `NPM_AUTH_TOKEN` | NPM authentication token for publishing packages |
| Secret Name | Description |
|--------------------|------------------------------------------------------------------|
| `GH_RELEASE_TOKEN` | GitHub token for creating releases |
| `APP_PRIVATE_KEY` | GitHub App private key for creating GitHub token for the release |
| `NPM_AUTH_TOKEN` | NPM authentication token for publishing packages |

#### Inputs

Expand All @@ -260,6 +261,7 @@ The workflow expects the following secrets to be provided:
| `runAfterInstall` | No | String | `""` | Commands to run after installing dependencies. |
| `distFolderNeedForRelease` | No | Boolean | `false` | Flag that we need `dist` folder to start release process. |
| `nodeVersion` | No | String | `lts/*` | Node version to use |
| `appId` | No | String | `""` | GitHub App Id for creating GitHub token for the release |

#### Usage

Expand All @@ -273,8 +275,10 @@ on:
jobs:
release-workflow:
uses: fingerprintjs/dx-team-toolkit/.github/workflows/release-typescript-project.yml@v1
with:
appId: ${{ vars.APP_ID }}
secrets:
GH_RELEASE_TOKEN: ${{ secrets.GH_RELEASE_TOKEN }}
APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
```

Expand All @@ -301,23 +305,24 @@ determine the next version number and generate release notes based on commit mes

The workflow accepts the following input parameters:

| Input Parameter | Required | Type | Default | Description |
|----------------------------------|----------|--------|---------|----------------------------------------------------------------------------------------------------------------|
| `language` | Yes | String | - | Programming language for the project. Supported are `java`, `dotnet`, `python`, `golang`, `flutter` and `php`. |
| `language-version` | Yes | String | - | Version of the programming language to set up. |
| `prepare-command` | No | String | - | Command(s) to run for project preparation, such as installing dependencies. |
| `java-version` | No | String | `11` | Version of Java to set up. |
| `semantic-release-extra-plugins` | No | String | - | Additional plugins to install for the semantic-release action. |

| Input Parameter | Required | Type | Default | Description |
|----------------------------------|----------|---------|------|----------------------------------------------------------------------------------------------------------------|
| `language` | Yes | String | - | Programming language for the project. Supported are `java`, `dotnet`, `python`, `golang`, `flutter` and `php`. |
| `language-version` | Yes | String | - | Version of the programming language to set up. |
| `prepare-command` | No | String | - | Command(s) to run for project preparation, such as installing dependencies. |
| `java-version` | No | String | `11` | Version of Java to set up. |
| `semantic-release-extra-plugins` | No | String | - | Additional plugins to install for the semantic-release action. |
| `appId` | No | String | - | GitHub App Id for creating GitHub token for the release |
#### Workflow Secrets

The workflow expects the following secrets to be provided:

| Secret Name | Description | Required For |
|--------------------|-------------------------------------------------------------|-----------------|
| `GH_RELEASE_TOKEN` | GitHub token used for making releases and other operations. | All projects |
| `PYPI_TOKEN` | PyPI token used for publishing Python packages. | Python projects |
| `NUGET_API_KEY` | NuGet API key for publishing .NET packages. | DotNET projects |
| Secret Name | Description | Required For |
|--------------------|------------------------------------------------------------------|-----------------|
| `APP_PRIVATE_KEY` | GitHub App private key for creating GitHub token for the release | All projects |
| `GH_RELEASE_TOKEN` | GitHub token used for making releases and other operations. | All projects |
| `PYPI_TOKEN` | PyPI token used for publishing Python packages. | Python projects |
| `NUGET_API_KEY` | NuGet API key for publishing .NET packages. | DotNET projects |

#### Example of usage:
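Review bot: The secrets table lists both `APP_PRIVATE_KEY` and `GH_RELEASE_TOKEN` as required for 'All projects', while the workflow declares `APP_PRIVATE_KEY` with `required: false`; state which of the two a caller must supply and when. This hunk also drops the blank line between the inputs table and `#### Workflow Secrets`, so the heading now follows the last table row directly; restore it.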

Expand All @@ -333,6 +338,7 @@ jobs:
name: 'Publish new version'
uses: fingerprintjs/dx-team-toolkit/.github/workflows/release-server-sdk.yml@v1
with:
appId: ${{ vars.APP_ID }}
language: python
language-version: '3.9'
prepare-command: |
Expand All @@ -341,7 +347,7 @@ jobs:
pip install wheel
pip install twine
secrets:
GH_RELEASE_TOKEN: ${{ secrets.GH_RELEASE_TOKEN }}
APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
```
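Review bot: The example now passes `APP_PRIVATE_KEY` in place of `GH_RELEASE_TOKEN`, but `release-server-sdk.yml` in this same commit still declares `GH_RELEASE_TOKEN` with `required: true`, so a caller copying this snippet omits a required secret. Keep `GH_RELEASE_TOKEN` in the example until the workflow makes it optional.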

