Update docker workflow

sarahchen6 · sarahchen6 · commit 184ac68dfd40 · 2025-08-14T14:07:12.000-04:00
diff --git a/.github/workflows/update-docker-build-image.yaml b/.github/workflows/update-docker-build-image.yaml
@@ -15,7 +15,7 @@ jobs:
   update-docker-build-image:
     runs-on: ubuntu-latest
     permissions:
-      contents: write # Required to create and push branch
+      contents: read
       id-token: write # Required for OIDC token federation
     steps:
       - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
@@ -58,11 +58,12 @@ jobs:
           else
             echo "commit_changes=true" >> "$GITHUB_OUTPUT"
           fi
-      - name: Download ghcommit CLI
+      - name: Configure git
         if: steps.check-changes.outputs.commit_changes == 'true'
+        id: configure-git
         run: |
-          curl https://github.com/planetscale/ghcommit/releases/download/v0.1.48/ghcommit_linux_amd64 -o /usr/local/bin/ghcommit -L
-          chmod +x /usr/local/bin/ghcommit
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
       - name: Pick a branch name
         if: steps.check-changes.outputs.commit_changes == 'true'
         id: define-branch
@@ -72,16 +73,23 @@ jobs:
         run: |
           git checkout -b ${{ steps.define-branch.outputs.branch }}
           git push -u origin ${{ steps.define-branch.outputs.branch }} --force
-      - name: Commit and push changes
-        if: steps.check-changes.outputs.commit_changes == 'true'
         env:
           GITHUB_TOKEN: ${{ steps.octo-sts.outputs.token }}
+      - name: Commit changes
+        if: steps.check-changes.outputs.commit_changes == 'true'
+        id: create-commit
         run: |
-          ghcommit --repository ${{ github.repository }} --branch ${{ steps.define-branch.outputs.branch }} --add .gitlab-ci.yml --message "feat(ci): Update Docker build image"
+          git commit --message "feat(ci): Update Docker build image" .gitlab-ci.yml
+          echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+      - name: Push changes
+        uses: Asana/push-signed-commits@d615ca88d8e1a946734c24970d1e7a6c56f34897
+        if: ${{ steps.create-commit.outputs.commit != '' }}
+        with:
+          github-token: ${{ steps.octo-sts.outputs.token }}
+          local_branch_name: ${{ steps.define-branch.outputs.branch }}
+          remote_branch_name: ${{ steps.define-branch.outputs.branch }}
       - name: Create pull request
         if: steps.check-changes.outputs.commit_changes == 'true'
-        env:
-          GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
         run: |
           gh pr create --title "Update Docker build image" \
             --base master \
@@ -90,3 +98,5 @@ jobs:
             --label "type: enhancement" \
             --label "tag: no release notes" \
             --body "This PR updates the Docker build image to ${{ steps.define-tag.outputs.tag }}."
+        env:
+          GITHUB_TOKEN: ${{ steps.octo-sts.outputs.token }}
