
Commit ad7e489

committed
ci/update: use nix-community GitHub App
1 parent fb2d007 commit ad7e489


1 file changed

+22
-9
lines changed


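--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -43,21 +43,34 @@ jobs:
 workflow_run_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
 
 steps:
+- name: Create GitHub App token
+uses: actions/create-github-app-token@v2
+id: app-token
+with:
+app-id: ${{ vars.CI_APP_ID }}
+private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
+
+- name: Get GitHub App User ID
+id: user-id
+run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+env:
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
+
+- name: Configure git
+run: |
+git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
+git config --global user.email '${{ steps.user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'
+
 - name: Checkout repository
 uses: actions/checkout@v4
 with:
-ssh-key: ${{ secrets.CI_UPDATE_SSH_KEY }}
+token: ${{ steps.app-token.outputs.token }}
 
 - name: Install Nix
 uses: cachix/install-nix-action@v31
 with:
 nix_path: nixpkgs=channel:nixos-unstable
-github_access_token: ${{ secrets.GITHUB_TOKEN }}
-
-- name: Configure git
-run: |
-git config user.name 'github-actions[bot]'
-git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
+github_access_token: ${{ steps.app-token.outputs.token }}
 
 - name: Create update branch
 run: |
@@ -67,7 +80,7 @@ jobs:
 - name: Get info on the current PR
 id: open_pr_info
 env:
-GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
 run: |
 # Query for info about the already open update PR
 info=$(
@@ -179,7 +192,7 @@ jobs:
 id: updated_pr
 if: steps.diff.outputs.count
 env:
-GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
 pr_num: ${{ steps.open_pr_info.outputs.number }}
 title: |
 [${{ github.ref_name }}] Update flake.lock & generated files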
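Review bot: The token minted in `Create GitHub App token` is requested without any `permission-*` inputs, so by default it carries every permission the App installation has, and the new side hands that same token to every consumer, including `github_access_token` in `Install Nix`, which previously received `secrets.GITHUB_TOKEN`. Narrowing it at creation, e.g. `permission-contents: write` and `permission-pull-requests: write` under `with:`, would limit what a leaked token can do; the exact set this job needs is not fully visible because the steps continue outside the hunks, so confirm it against the push and PR steps. If Nix needs the token only for API rate limits (presumably), keeping `github_access_token: ${{ secrets.GITHUB_TOKEN }}` avoids giving the write-capable token to the Nix setup. Separately, `${{ steps.app-token.outputs.app-slug }}` is expanded directly into the `run:` scripts of `Get GitHub App User ID` and `Configure git`; passing it through `env:` and referencing a shell variable is the safer habit.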
