ci(gitflow): Use personal access token to create PR (getsentry#7026)

Otherwise, workflows will not be triggered due to security issues. See peter-evans/create-pull-request#48 for details.
akaedu2012 · Feb 1, 2023 · a90ba73 · a90ba73
1 parent 236b173
commit a90ba73
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 7 deletions.
diff --git a/.github/workflows/gitflow-sync-develop.yml b/.github/workflows/gitflow-sync-develop.yml
@@ -12,7 +12,7 @@ on:
 
 env:
   SOURCE_BRANCH: master
-  TAGRET_BRANCH: develop
+  TARGET_BRANCH: develop
 
 jobs:
   main:
@@ -35,6 +35,8 @@ jobs:
           pr_title: '[Gitflow] Merge ${{ env.SOURCE_BRANCH }} into ${{ env.TARGET_BRANCH }}'
           pr_body: 'Merge ${{ env.SOURCE_BRANCH }} branch into ${{ env.TARGET_BRANCH }}'
           pr_label: 'Dev: Gitflow'
+          # This token is scoped to Daniel Griesser
+          github_token: ${{ secrets.REPO_SCOPED_TOKEN }}
 
       # https://github.com/marketplace/actions/enable-pull-request-automerge
       - name: Enable automerge for PR
@@ -47,10 +49,8 @@ jobs:
       # https://github.com/marketplace/actions/auto-approve
       - name: Auto approve PR
         # Always skip this for now, until we got a proper bot setup
-        if: steps.open-pr.outputs.pr_number != '' || 1 == 2
+        if: steps.open-pr.outputs.pr_number != ''
         uses: hmarr/auto-approve-action@v3
         with:
           pull-request-number: ${{ steps.open-pr.outputs.pr_number }}
           review-message: 'Auto approved automated PR'
-          # TODO: Use the token of some user here??
-          # github-token: ${{ secrets.SOME_USERS_PAT }}
diff --git a/.github/workflows/gitflow-sync-master.yml b/.github/workflows/gitflow-sync-master.yml
@@ -32,6 +32,8 @@ jobs:
           pr_title: '[Gitflow] Merge ${{ github.ref_name }} into ${{ env.MAIN_BRANCH }}'
           pr_body: 'Merge ${{ github.ref_name }} branch into ${{ env.MAIN_BRANCH }}'
           pr_label: 'Dev: Gitflow'
+          # This token is scoped to Daniel Griesser
+          github_token: ${{ secrets.REPO_SCOPED_TOKEN }}
 
       # https://github.com/marketplace/actions/enable-pull-request-automerge
       - name: Enable automerge for PR
@@ -44,10 +46,17 @@ jobs:
       # https://github.com/marketplace/actions/auto-approve
       - name: Auto approve PR
         # Always skip this for now, until we got a proper bot setup
-        if: steps.open-pr.outputs.pr_number != '' || 1 == 2
+        if: steps.open-pr.outputs.pr_number != ''
         uses: hmarr/auto-approve-action@v3
         with:
           pull-request-number: ${{ steps.open-pr.outputs.pr_number }}
           review-message: 'Auto approved automated PR'
-          # TODO: Use the token of some user here??
-          # github-token: ${{ secrets.SOME_USERS_PAT }}
+
+  skipped:
+    runs-on: ubuntu-20.04
+    if: |
+      github.event.pull_request.merged == false
+      || startsWith(github.event.pull_request.title, "meta(changelog):") == false
+    steps:
+      - name: Sync skipped
+        run: echo "OK"