@@ -22,17 +22,26 @@ jobs:
2222 update-upstream :
2323 name : Update Upstream
2424 runs-on : self-hosted
25+ environment : update-upstream
2526
2627 steps :
28+ - name : Generate GitHub App token
29+ id : app-token
30+ uses : actions/create-github-app-token@v2
31+ with :
32+ app-id : ${{ secrets.APP_ID }}
33+ private-key : ${{ secrets.PRIVATE_KEY }}
34+
2735 - name : Checkout repo
2836 uses : actions/checkout@v6.0.2
2937 with :
3038 fetch-depth : 0
39+ token : ${{ steps.app-token.outputs.token }}
3140
3241 - name : Authenticate
3342 run : |
34- git config --global user.name "github-actions [bot]"
35- git config --global user.email "github-actions [bot]@users.noreply.github.com"
43+ git config --global user.name "surf-canvas-upstream-bot [bot]"
44+ git config --global user.email "surf-canvas-upstream-bot [bot]@users.noreply.github.com"
3645
3746name : Resolve Canvas branch
3847 run : |
@@ -53,14 +62,14 @@ jobs:
5362name : Check if update is needed
5463 run : |
5564 OPEN_ISSUE=$(curl -s \
56- -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
65+ -H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \
5766 -H "Accept: application/vnd.github+json" \
5867 "https://api.github.com/repos/${{ github.repository }}/issues?state=open&labels=upstream-update&per_page=1" \
5968 | jq -r '.[0].number // empty')
6069
6170 CURRENT_COMMIT=$(grep '^canvasCommit' gradle.properties | awk -F '=' '{print $2}' | tr -d '[:space:]\r')
6271 LATEST_COMMIT=$(curl -s \
63- -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
72+ -H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \
6473 "https://api.github.com/repos/CraftCanvasMC/Canvas/commits/$CANVAS_BRANCH" \
6574 | jq -r '.sha' | tr -d '[:space:]\r')
6675
@@ -165,7 +174,7 @@ jobs:
165174 if : env.APPLY_FAILED == 'true' && env.SKIP == 'false'
166175 run : |
167176 curl -s -X POST \
168- -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
177+ -H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \
169178 -H "Accept: application/vnd.github+json" \
170179 "https://api.github.com/repos/${{ github.repository }}/issues" \
171180 -d "{
@@ -178,7 +187,7 @@ jobs:
178187 if : env.BUILD_FAILED == 'true' && env.APPLY_FAILED != 'true' && env.SKIP == 'false'
179188 run : |
180189 curl -s -X POST \
181- -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
190+ -H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \
182191 -H "Accept: application/vnd.github+json" \
183192 "https://api.github.com/repos/${{ github.repository }}/issues" \
184193 -d "{
@@ -191,7 +200,7 @@ jobs:
191200 if : env.BUILD_FAILED != 'true' && env.APPLY_FAILED != 'true' && env.SKIP == 'false'
192201 run : |
193202 UPDATES=$(curl -s \
194- -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
203+ -H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \
195204 -H "Accept: application/vnd.github+json" \
196205 "https://api.github.com/repos/CraftCanvasMC/Canvas/compare/$CURRENT_COMMIT...$LATEST_COMMIT" \
197206 | jq -r '.commits[] | "CraftCanvasMC/Canvas@\(.sha[:7]) - \(.commit.message | split("\n")[0])"')
@@ -202,8 +211,16 @@ jobs:
202211
203212name : Commit and push
204213 if : env.BUILD_FAILED != 'true' && env.APPLY_FAILED != 'true' && env.SKIP == 'false'
214+ env :
215+ APP_TOKEN : ${{ steps.app-token.outputs.token }}
205216 run : |
206217 git add .
207218 git restore --staged commit_message.txt
219+ git diff --cached --quiet && {
220+ echo "No changes to commit."
221+ exit 0
222+ }
223+
208224 git commit -F commit_message.txt
209- git push origin HEAD
225+ git remote set-url origin "https://x-access-token:${APP_TOKEN}@github.com/${{ github.repository }}.git"
226+ git push origin HEAD:master
0 commit comments