
Commit 7209c31

chore(release): use own GH app for releasing (#958)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: semantic-release <semantic-release> Co-authored-by: cyclonedx-internal-release-bot[bot] <275040549+cyclonedx-internal-release-bot[bot]@users.noreply.github.com> Co-authored-by: cyclonedx-releases[bot] <275040549+cyclonedx-releases[bot]@users.noreply.github.com>
1 parent 204dfdd commit 7209c31

2 files changed

Lines changed: 22 additions & 4 deletions


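--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -103,11 +103,28 @@ jobs:
 id-token: write
 contents: write
 steps:
+- name: Generate GitHub App Token
+id: release-bot-token
+# see https://github.com/actions/create-github-app-token
+uses: actions/create-github-app-token@v3
+with:
+# see https://github.com/organizations/CycloneDX/settings/apps/cyclonedx-releases
+app-id: 3335294
+private-key: ${{ secrets.CDX_RELEASE_BOT_PRIVATE_KEY }}
+- name: Get GitHub App User ID
+id: release-bot-user-id
+run: |
+set -xeu
+echo "user-id=$(gh api "/users/${{ steps.release-bot-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+env:
+GH_TOKEN: ${{ steps.release-bot-token.outputs.token }}
+
 - name: Checkout code
 # see https://github.com/actions/checkout
 uses: actions/checkout@v6
 with:
 fetch-depth: 0
+token: ${{ steps.release-bot-token.outputs.token }}
 
 - name: Setup python
 # see https://github.com/actions/setup-python
@@ -134,7 +151,9 @@ jobs:
 # see https://github.com/python-semantic-release/python-semantic-release
 uses: python-semantic-release/python-semantic-release@v10.0.2
 with:
-github_token: ${{ secrets.GITHUB_TOKEN }}
+git_committer_name: ${{ steps.release-bot-token.outputs.app-slug }}[bot]
+git_committer_email: ${{ steps.release-bot-user-id.outputs.user-id }}+${{ steps.release-bot-token.outputs.app-slug }}[bot]@users.noreply.github.com
+github_token: ${{ steps.release-bot-token.outputs.token }}
 force: ${{ github.event.inputs.release_force }}
 prerelease: ${{ github.event.inputs.prerelease }}
 prerelease_token: ${{ github.event.inputs.prerelease_token }}
@@ -151,5 +170,5 @@ jobs:
 # see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html#python-semantic-release-publish-action
 uses: python-semantic-release/publish-action@v10
 with:
-github_token: ${{ secrets.GITHUB_TOKEN }}
+github_token: ${{ steps.release-bot-token.outputs.token }}
 tag: ${{ steps.release.outputs.tag }}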
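Review bot: The new `Generate GitHub App Token` step passes `secrets.CDX_RELEASE_BOT_PRIVATE_KEY` to `actions/create-github-app-token@v3`, which is a mutable major tag, so a retargeted tag would run with the App's private key in reach; pin it to a full commit SHA, e.g. `uses: actions/create-github-app-token@<full-commit-sha>  # v3`. The minted token is also requested without narrowing and then flows into checkout and both semantic-release steps; unless the App installation is already minimal, consider limiting it through the action's `permission-*` inputs (for example `permission-contents: write`, if this version supports them). As hardening in `Get GitHub App User ID`, pass the slug through `env:` and reference a shell variable rather than interpolating `${{ steps.release-bot-token.outputs.app-slug }}` into the `run:` script text. The job's remaining steps and its `permissions:` block start outside the hunks shown, so whether `contents: write` on the default `GITHUB_TOKEN` is still needed cannot be judged from here.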

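--- a/pyproject.toml
+++ b/pyproject.toml
@@ -115,8 +115,7 @@ jsonschema = { version = "*", extras = ["format"], optional=true }
 logging_use_named_masks = true
 commit_parser = "conventional"
 commit_parser_options = { parse_squash_commits = true, ignore_merge_commits = true }
-commit_author = "semantic-release <semantic-release@bot.local>"
-commit_message = "chore(release): {version}\n\nAutomatically generated by python-semantic-release\n\nSigned-off-by: semantic-release <semantic-release@bot.local>"
+commit_message = "chore(release): {version}\n\nAutomatically generated by python-semantic-release"
 upload_to_vcs_release = true
 build_command = """
 pip install poetry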
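Review bot: With `commit_author` removed, nothing in `pyproject.toml` says where the release commit identity now comes from; a short comment above `commit_message`, such as `# release commit identity is set via git_committer_name/git_committer_email in .github/workflows/release.yml`, would keep the attribution traceable for anyone auditing release commits. The `Signed-off-by` trailer is also dropped from `commit_message`, so release commits will no longer carry a sign-off; if a DCO check applies to the release branch (not visible here), that should be confirmed.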
