ci(steps): Handle push into protected branch

rizqyfahmi · rizqyfahmi · commit 1a30b388131e · 2025-07-19T23:47:09.000+07:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -53,6 +53,24 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
+      - name: 'Generate token'
+        id: GENERATE_TOKEN
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.BOT_APP_ID }}
+          private-key: ${{ steps.decode.outputs.private-key }}
+
+      - name: Get GitHub App User ID
+        id: get-user-id
+        run: echo "user-id=$(gh api "/users/${{ steps.GENERATE_TOKEN.outputs.app-slug }}" --jq .id)" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ steps.GENERATE_TOKEN.outputs.token }}
+
+      - name: Set global username and email
+        run: |
+          git config --global user.name '${{ steps.GENERATE_TOKEN.outputs.app-slug }}'
+          git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.GENERATE_TOKEN.outputs.app-slug }}[bot]@users.noreply.github.com'
+
       - name: Checkout
         uses: actions/checkout@v4
 
@@ -78,8 +96,12 @@ jobs:
         with:
           inputs: "*.tgz"
 
+      - name: Debug auth
+        run: |
+          curl -s -H "Authorization: token ${{ steps.GENERATE_TOKEN.outputs.token }}" https://api.github.com/user
+
       - name: Run Semantic Release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.GENERATE_TOKEN.outputs.token }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: npx semantic-release
