
Commit de35537

committed
use gh app
1 parent ff8d48c commit de35537


4 files changed

+114
-44
lines changed


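--- a/.github/workflows/dependabot-automerge.yaml
+++ b/.github/workflows/dependabot-automerge.yaml
@@ -14,13 +14,21 @@ env:
 jobs:
 review-prs:
 runs-on: ubuntu-latest
-permissions:
-pull-requests: write
-contents: write
 steps:
 - name: Checkout
 uses: actions/checkout@v6
 
+- name: "Create GitHub App Token"
+id: create-app-token
+uses: actions/create-github-app-token@v3
+with:
+app-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }}
+private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }}
+owner: SAP
+repositories: cloud-sdk-java
+permission-contents: write
+permission-pull-requests: write
+
 - name: Approve and Merge PRs
 run: |
 PRS=$(gh pr list --app "dependabot" --state "open" --json number,title)
@@ -47,4 +55,4 @@ jobs:
 gh pr review "$PR_NUMBER" --approve
 done <<< "$PR_NUMBERS"
 env:
-GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
+GH_TOKEN: ${{ steps.create-app-token.outputs.token }}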
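Review bot: Dropping the job-level `permissions:` block from `review-prs` means the built-in GITHUB_TOKEN, which the Checkout step still uses, falls back to the workflow-level or repository default scopes instead of an explicit minimum; whether a top-level `permissions:` key exists cannot be seen from this hunk. Since all writes now go through the app token, the job could pin the default token down with `permissions:` followed by `contents: read`. The new step also hands the app's private key to `actions/create-github-app-token@v3`, which is referenced by a movable tag; pinning it to a full commit SHA (`uses: actions/create-github-app-token@<commit-sha> # v3`) would keep a retagged release from receiving the key. The same pinning point applies to the identical steps added in javadoc.yaml, the Perform Release workflow and prepare-release.yaml.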

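--- a/.github/workflows/javadoc.yaml
+++ b/.github/workflows/javadoc.yaml
@@ -57,12 +57,23 @@ jobs:
 - name: "Generate aggregated Javadoc"
 run: mvn clean javadoc:aggregate -Drelease -Djava.failOnWarning=false --projects "${PROJECTS}" --quiet
 
+- name: "Create GitHub App Token"
+id: create-app-token
+uses: actions/create-github-app-token@v3
+with:
+app-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }}
+private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }}
+owner: SAP
+repositories: cloud-sdk
+permission-contents: write
+permission-pull-requests: write
+
 - name: "Checkout Docs Repository"
 uses: actions/checkout@v6
 with:
 repository: ${{ env.DOCS_REPO }}
 path: .cloud-sdk-docs
-token: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
+token: ${{ steps.create-app-token.outputs.token }}
 
 - name: "Replace JavaDoc"
 id: replace-javadoc
@@ -107,4 +118,4 @@ jobs:
 echo "PR_URL=$PR_URL" >> $GITHUB_OUTPUT
 echo "PR: $PR_URL" >> $GITHUB_STEP_SUMMARY
 env:
-GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
+GH_TOKEN: ${{ steps.create-app-token.outputs.token }}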
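Review bot: The token's scope is hard-coded as `owner: SAP` and `repositories: cloud-sdk` (new lines 66–67), while the steps that consume it address the target through `env.DOCS_REPO`; if the two ever diverge, the checkout fails with an authorization error that does not point back at this step. A comment on the `repositories` line, for example `# must name the repository in env.DOCS_REPO`, would document the coupling. Note also that actions/checkout stores the token it is given in the checked-out repository's git configuration by default, so every later step of the job can push to the docs repository with it; that is presumably intended for the PR-creation step, whose body lies outside these hunks.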
Lines changed: 51 additions & 32 deletions
@@ -1,13 +1,13 @@
1-
name: "Perform Release"
1+
name: 'Perform Release'
22

33
on:
44
workflow_dispatch:
55
inputs:
66
release_pr_number:
7-
description: "The PR number of the release PR"
7+
description: 'The PR number of the release PR'
88
required: true
99
skip-pr-merge:
10-
description: "Whether to skip merging the PRs"
10+
description: 'Whether to skip merging the PRs'
1111
required: false
1212
default: false
1313
type: boolean
@@ -19,7 +19,7 @@ env:
1919

2020
jobs:
2121
prerequisites:
22-
name: "Prerequisites"
22+
name: 'Prerequisites'
2323
outputs:
2424
code-branch: ${{ steps.determine-branch-names.outputs.CODE_BRANCH_NAME }}
2525
docs-branch: ${{ steps.determine-branch-names.outputs.DOCS_BRANCH_NAME }}
@@ -30,7 +30,7 @@ jobs:
3030
permissions: write-all # contents and push are needed to see the draft release
3131
runs-on: ubuntu-latest
3232
steps:
33-
- name: "Determine Branch Names"
33+
- name: 'Determine Branch Names'
3434
id: determine-branch-names
3535
run: |
3636
CODE_BRANCH_NAME=$(gh pr view ${{github.event.inputs.release_pr_number}} --repo ${{github.repository}} --json headRefName --jq '.headRefName')
@@ -39,22 +39,22 @@ jobs:
3939
RELEASE_COMMIT=$(gh release view $RELEASE_TAG --repo ${{github.repository}} --json targetCommitish --jq '.targetCommitish')
4040
RELEASE_NOTES_BRANCH_NAME=java/release-notes-$RELEASE_VERSION
4141
RELEASE_JAVADOC_BRANCH_NAME=java/release-docs-$RELEASE_VERSION
42-
42+
4343
echo "CODE_BRANCH_NAME=$CODE_BRANCH_NAME" >> $GITHUB_OUTPUT
4444
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT
4545
echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_OUTPUT
4646
echo "RELEASE_COMMIT=$RELEASE_COMMIT" >> $GITHUB_OUTPUT
4747
echo "RELEASE_NOTES_BRANCH_NAME=$RELEASE_NOTES_BRANCH_NAME" >> $GITHUB_OUTPUT
4848
echo "RELEASE_JAVADOC_BRANCH_NAME=$RELEASE_JAVADOC_BRANCH_NAME" >> $GITHUB_OUTPUT
49-
49+
5050
echo -e "[DEBUG] Current GITHUB_OUTPUT:\n$(cat $GITHUB_OUTPUT)"
5151
env:
5252
GH_TOKEN: ${{ github.token }}
5353

54-
- name: "Checkout Repository"
54+
- name: 'Checkout Repository'
5555
uses: actions/checkout@v6
5656

57-
- name: "Check Whether Code PR Can Be Merged"
57+
- name: 'Check Whether Code PR Can Be Merged'
5858
if: ${{ inputs.skip-pr-merge != 'true' }}
5959
uses: ./.github/actions/pr-is-mergeable
6060
with:
@@ -65,53 +65,72 @@ jobs:
6565
\"dependabot merger\": []
6666
}
6767
68-
- name: "Check Code Release Commit Continuous Integration"
68+
- name: 'Check Code Release Commit Continuous Integration'
6969
if: ${{ inputs.skip-pr-merge != 'true' }}
7070
uses: ./.github/actions/workflow-succeeded
7171
with:
72-
workflow: "Continuous Integration"
72+
workflow: 'Continuous Integration'
7373
sha: ${{ steps.determine-branch-names.outputs.RELEASE_COMMIT }}
74-
excluded-jobs: "[\"Run BlackDuck Scan\"]"
74+
excluded-jobs: '["Run BlackDuck Scan"]'
7575

76-
- name: "Check Whether Release Notes PR Can Be Merged"
76+
- name: 'Create GitHub App Token'
77+
id: create-app-token
78+
uses: actions/create-github-app-token@v3
79+
with:
80+
app-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }}
81+
private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }}
82+
owner: SAP
83+
repositories: cloud-sdk
84+
85+
- name: 'Check Whether Release Notes PR Can Be Merged'
7786
if: ${{ inputs.skip-pr-merge != 'true' }}
7887
uses: ./.github/actions/pr-is-mergeable
7988
with:
8089
pr-ref: ${{ steps.determine-branch-names.outputs.RELEASE_NOTES_BRANCH_NAME }}
8190
repo: ${{ env.DOCS_REPO }}
82-
token: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
91+
token: ${{ steps.create-app-token.outputs.token }}
8392
excluded-check-runs: |
8493
{
8594
\"Build Cloud SDK Documentation\": [\"dependabot\"]
8695
}
8796
88-
- name: "Check Whether JavaDoc PR Can Be Merged"
97+
- name: 'Check Whether JavaDoc PR Can Be Merged'
8998
if: ${{ inputs.skip-pr-merge != 'true' }}
9099
uses: ./.github/actions/pr-is-mergeable
91100
with:
92101
pr-ref: ${{ steps.determine-branch-names.outputs.RELEASE_JAVADOC_BRANCH_NAME }}
93102
repo: ${{ env.DOCS_REPO }}
94-
token: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
103+
token: ${{ steps.create-app-token.outputs.token }}
95104
excluded-check-runs: |
96105
{
97106
\"Build Cloud SDK Documentation\": [\"dependabot\"]
98107
}
99108
100109
release:
101-
name: "Release"
102-
needs: [ prerequisites ]
110+
name: 'Release'
111+
needs: [prerequisites]
103112
runs-on: ubuntu-latest
104113
permissions:
105114
contents: write # needed to modify the release draft
106-
pull-requests: write # needed to merge the release PR
107115
steps:
108-
- name: "Setup java"
116+
- name: 'Create GitHub App Token'
117+
id: create-app-token
118+
uses: actions/create-github-app-token@v3
119+
with:
120+
app-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }}
121+
private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }}
122+
owner: SAP
123+
repositories: cloud-sdk-java,cloud-sdk
124+
permission-contents: write
125+
permission-pull-requests: write # needed to merge the release PR
126+
127+
- name: 'Setup java'
109128
uses: actions/setup-java@v5
110129
with:
111-
distribution: "sapmachine"
130+
distribution: 'sapmachine'
112131
java-version: ${{ env.JAVA_VERSION }}
113132

114-
- name: "Download Release Asset"
133+
- name: 'Download Release Asset'
115134
id: download-asset
116135
run: |
117136
gh release download ${{ needs.prerequisites.outputs.release-tag }} --dir ./ --repo "${{ github.repository }}"
@@ -120,42 +139,42 @@ jobs:
120139
env:
121140
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
122141

123-
- name: "Import GPG Key"
142+
- name: 'Import GPG Key'
124143
run: |
125144
echo "${{ secrets.PGP_PRIVATE_KEY }}" | gpg --batch --passphrase "$MAVEN_GPG_PASSPHRASE" --import
126145
env:
127146
MAVEN_GPG_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
128147

129-
- name: "Create settings.xml"
148+
- name: 'Create settings.xml'
130149
run: |
131150
echo '${{ secrets.CENTRAL_SONATYPE_SETTINGS_XML }}' > settings.xml
132151
133-
- name: "Deploy"
152+
- name: 'Deploy'
134153
run: |
135154
MVN_ARGS="${{ env.MVN_CLI_ARGS }} -Drelease -s settings.xml"
136155
mvn deploy $MVN_ARGS
137156
env:
138157
MAVEN_GPG_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
139158

140-
- name: "Merge Code PR"
159+
- name: 'Merge Code PR'
141160
if: ${{ inputs.skip-pr-merge != 'true' }}
142161
run: gh pr merge --squash "${{ needs.prerequisites.outputs.code-branch }}" --delete-branch --repo "${{ github.repository }}"
143162
env:
144-
GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
163+
GH_TOKEN: ${{ steps.create-app-token.outputs.token }}
145164

146-
- name: "Publish the Draft Release"
165+
- name: 'Publish the Draft Release'
147166
run: gh release edit ${{ needs.prerequisites.outputs.release-tag }} --draft=false --repo "${{ github.repository }}"
148167
env:
149168
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
150169

151-
- name: "Merge Release Notes PR"
170+
- name: 'Merge Release Notes PR'
152171
if: ${{ inputs.skip-pr-merge != 'true' }}
153172
run: gh pr merge --squash "${{ needs.prerequisites.outputs.release-notes-branch }}" --delete-branch --repo "${{ env.DOCS_REPO }}"
154173
env:
155-
GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
174+
GH_TOKEN: ${{ steps.create-app-token.outputs.token }}
156175

157-
- name: "Merge JavaDoc PR"
176+
- name: 'Merge JavaDoc PR'
158177
if: ${{ inputs.skip-pr-merge != 'true' }}
159178
run: gh pr merge --squash "${{ needs.prerequisites.outputs.release-javadoc-branch }}" --delete-branch --repo "${{ env.DOCS_REPO }}"
160179
env:
161-
GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
180+
GH_TOKEN: ${{ steps.create-app-token.outputs.token }}
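Review bot: The `Create GitHub App Token` step added to the `prerequisites` job (new lines 76–83) passes no `permission-*` inputs, unlike every other instance in this commit, so the token presumably carries everything the app installation is granted on `cloud-sdk` even though it only feeds the two `pr-is-mergeable` checks. Restricting it to what that local action reads, for example `permission-pull-requests: read` plus whichever read scope it needs for check runs, would bring it in line with the other steps. In the `release` job the token is minted as the very first step, before `mvn deploy`; installation tokens are short-lived (one hour, as far as I know), so creating it directly before `Merge Code PR` would avoid an expired token after a long deploy and keep a write token for two repositories from existing while the build runs.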

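--- a/.github/workflows/prepare-release.yaml
+++ b/.github/workflows/prepare-release.yaml
@@ -181,17 +181,28 @@ jobs:
 pr-url: ${{ steps.create-release-notes-pr.outputs.PR_URL }}
 runs-on: ubuntu-latest
 steps:
+- name: "Create GitHub App Token"
+id: create-app-token
+uses: actions/create-github-app-token@v3
+with:
+app-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }}
+private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }}
+owner: SAP
+repositories: cloud-sdk-java,cloud-sdk
+permission-contents: write
+permission-pull-requests: write
+
 - name: "Checkout Code Repository"
 uses: actions/checkout@v6
 with:
 ref: ${{ needs.bump-version.outputs.release-branch }}
-token: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
+token: ${{ steps.create-app-token.outputs.token }}
 - name: "Checkout Docs Repository"
 uses: actions/checkout@v6
 with:
 repository: ${{ env.DOCS_REPO }}
 path: .cloud-sdk-docs
-token: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
+token: ${{ steps.create-app-token.outputs.token }}
 - name: "Prepare Git"
 working-directory: ./.cloud-sdk-docs
 run: |
@@ -234,7 +245,7 @@ jobs:
 PR_URL=$(gh pr create --title "$PR_TITLE" --body "$PR_BODY" --repo "${{ env.DOCS_REPO }}")
 echo "PR_URL=$PR_URL" >> $GITHUB_OUTPUT
 env:
-GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
+GH_TOKEN: ${{ steps.create-app-token.outputs.token }}
 
 - name: "Reset Release Notes for Next Version"
 run: |
@@ -259,11 +270,22 @@ jobs:
 pr-url: ${{ steps.create-code-pr.outputs.PR_URL }}
 runs-on: ubuntu-latest
 steps:
+- name: "Create GitHub App Token"
+id: create-app-token
+uses: actions/create-github-app-token@v3
+with:
+app-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }}
+private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }}
+owner: SAP
+repositories: cloud-sdk-java
+permission-contents: write
+permission-pull-requests: write
+
 - name: "Checkout Repository"
 uses: actions/checkout@v6
 with:
 ref: ${{ needs.bump-version.outputs.release-branch }}
-token: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} # this is needed so that the same token is used when pushing our changes later. Otherwise, our on: push workflows (i.e. our continuous integration) won't be triggered.
+token: ${{ steps.create-app-token.outputs.token }} # this is needed so that the same token is used when pushing our changes later. Otherwise, our on: push workflows (i.e. our continuous integration) won't be triggered.
 - name: "Prepare Git"
 run: |
 git config --global user.email "cloudsdk@sap.com"
@@ -290,7 +312,7 @@ jobs:
 - [ ] Once the `Perform Release` workflow is through, head over to [Central Sonatype](https://central.sonatype.com/publishing/deployments) and log in with the credentials in the Team Password Safe. There should be a published release.")
 echo "PR_URL=$PR_URL" >> $GITHUB_OUTPUT
 env:
-GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
+GH_TOKEN: ${{ steps.create-app-token.outputs.token }}
 
 handle-failure:
 runs-on: ubuntu-latest
@@ -325,9 +347,19 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 continue-on-error: true
 
+- name: "Create GitHub App Token"
+id: create-app-token
+uses: actions/create-github-app-token@v3
+with:
+app-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }}
+private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }}
+owner: SAP
+repositories: cloud-sdk
+permission-pull-requests: write
+
 - name: "Delete Release Notes PR"
 if: ${{ needs.create-release-notes-pr.outputs.pr-url != '' }}
 run: gh pr close --repo "${{ env.DOCS_REPO }}" ${{ needs.create-release-notes-pr.outputs.pr-url }} --delete-branch
 env:
-GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
+GH_TOKEN: ${{ steps.create-app-token.outputs.token }}
 continue-on-error: true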
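Review bot: In the `handle-failure` hunk the new token is limited to `permission-pull-requests: write` (new lines 350–358), but the step that uses it runs `gh pr close ... --delete-branch`, and deleting the head branch needs write access to repository contents as far as I know. Because that step has `continue-on-error: true`, a rejected branch deletion would pass silently and leave the release-notes branch behind in the docs repository. Adding `permission-contents: write` to the token step should cover it. The token step itself has no `continue-on-error`, unlike its neighbours, so a failure to mint the token would fail the cleanup job at that point; the job's earlier steps lie outside the hunk.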
