
Commit 6dc4b7f

authored
Merge pull request aws#1210 from aws/chore/replace-github-token-with-app-token
chore: replace all github.token/GITHUB_TOKEN with GitHub App token
2 parents a15c756 + 0e6d577 commit 6dc4b7f

7 files changed

Lines changed: 73 additions & 12 deletions


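--- a/.github/workflows/cleanup-pr-tarballs.yml
+++ b/.github/workflows/cleanup-pr-tarballs.yml
@@ -14,10 +14,16 @@ jobs:
 runs-on: ubuntu-latest
 
 steps:
+- name: Generate GitHub App Token
+id: app-token
+uses: actions/create-github-app-token@v1
+with:
+app-id: ${{ vars.APP_ID }}
+private-key: ${{ secrets.APP_PRIVATE_KEY }}
 - uses: actions/checkout@v6
 - name: Delete PR tarball releases older than 7 days
 env:
-GH_TOKEN: ${{ github.token }}
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
 run: |
 CUTOFF=$(date -u -d '7 days ago' +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -u -v-7d +%Y-%m-%dT%H:%M:%SZ)
 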
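Review bot: The added `uses: actions/create-github-app-token@v1` step references a mutable major tag while receiving `secrets.APP_PRIVATE_KEY`, so whatever code that tag resolves to at run time reads the App's long-lived private key. Pin the action to a full commit SHA with the version in a trailing comment, `uses: actions/create-github-app-token@<full-commit-sha> # v1.x.y`, and let a dependency bot move the pin. The same step is added in the other six workflow files of this commit, so the pin applies to all of them. The rest of the job lies outside the hunk.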

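--- a/.github/workflows/pr-tarball.yml
+++ b/.github/workflows/pr-tarball.yml
@@ -50,10 +50,16 @@ jobs:
 run: |
 TARBALL_NAME=$(ls *.tgz | head -1 | xargs basename)
 echo "name=$TARBALL_NAME" >> $GITHUB_OUTPUT
+- name: Generate GitHub App Token
+id: app-token
+uses: actions/create-github-app-token@v1
+with:
+app-id: ${{ vars.APP_ID }}
+private-key: ${{ secrets.APP_PRIVATE_KEY }}
 - name: Create or update PR release
 id: release
 env:
-GH_TOKEN: ${{ github.token }}
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
 PR_NUMBER: ${{ github.event.pull_request.number }}
 TARBALL_NAME: ${{ steps.tarball.outputs.name }}
 run: |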
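Review bot: The token step is added after the step that picks up `*.tgz`, so the App token is minted in the same job that presumably built the pull request's code. The trigger is outside this hunk: under `pull_request` from a fork `secrets.APP_PRIVATE_KEY` is empty and the new step will fail, while under `pull_request_target` the key is handed to a runner that has already run PR-controlled build scripts. Consider moving "Create or update PR release" into a separate job that downloads the tarball as an artifact and is the only job that requests the token.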

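--- a/.github/workflows/release-main-and-preview.yml
+++ b/.github/workflows/release-main-and-preview.yml
@@ -135,9 +135,16 @@ jobs:
 - name: Update snapshots
 run: npm run test:update-snapshots
 
+- name: Generate GitHub App Token
+id: app-token
+uses: actions/create-github-app-token@v1
+with:
+app-id: ${{ vars.APP_ID }}
+private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
 - name: Create release branch and PR
 env:
-GH_TOKEN: ${{ github.token }}
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
 NEW_VERSION: ${{ steps.bump.outputs.version }}
 run: |
 BRANCH_NAME="release/v$NEW_VERSION"
@@ -219,9 +226,16 @@ jobs:
 - name: Update snapshots
 run: npm run test:update-snapshots
 
+- name: Generate GitHub App Token
+id: app-token
+uses: actions/create-github-app-token@v1
+with:
+app-id: ${{ vars.APP_ID }}
+private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
 - name: Create release branch and PR
 env:
-GH_TOKEN: ${{ github.token }}
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
 NEW_VERSION: ${{ steps.bump.outputs.version }}
 run: |
 BRANCH_NAME="release/v$NEW_VERSION"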
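Review bot: The "Generate GitHub App Token" step in both hunks requests the token without any `permission-*` inputs, so `GH_TOKEN` carries every permission the App installation holds rather than what "Create release branch and PR" needs. Unlike `github.token`, this token is not bounded by the workflow's `permissions:` block. Narrow it at the step, presumably to `permission-contents: write` and `permission-pull-requests: write` for a branch push and PR creation, and add a comment saying why the App token is required here. The same applies to the step added in release.yml; the `run:` bodies continue outside the hunks.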

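--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -160,9 +160,16 @@ jobs:
 exit 1
 fi
 
+- name: Generate GitHub App Token
+id: app-token
+uses: actions/create-github-app-token@v1
+with:
+app-id: ${{ vars.APP_ID }}
+private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
 - name: Create Pull Request
 env:
-GH_TOKEN: ${{ github.token }}
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
 NEW_VERSION: ${{ steps.bump.outputs.version }}
 BASE_BRANCH: ${{ steps.release-meta.outputs.base_branch }}
 DIST_TAG: ${{ steps.release-meta.outputs.dist_tag }}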

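--- a/.github/workflows/strands-command.yml
+++ b/.github/workflows/strands-command.yml
@@ -94,6 +94,12 @@ jobs:
 };
 await processInputs(context, github, core, inputs);
 
+- name: Generate GitHub App Token
+id: app-token
+uses: actions/create-github-app-token@v1
+with:
+app-id: ${{ vars.APP_ID }}
+private-key: ${{ secrets.APP_PRIVATE_KEY }}
 - name: Run Strands Agent
 uses: ./.github/actions/strands-action
 with:
@@ -104,7 +110,7 @@ jobs:
 tools: 'strands_tools:shell,retrieve'
 aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
 aws_region: 'us-west-2'
-pat_token: ${{ secrets.GITHUB_TOKEN }}
+pat_token: ${{ steps.app-token.outputs.token }}
 env:
 SESSION_ID: ${{ steps.process-inputs.outputs.session_id }}
 S3_SESSION_BUCKET: ${{ secrets.AGENT_SESSIONS_BUCKET }}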
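Review bot: `pat_token` now hands the App installation token to the agent step configured with `tools: 'strands_tools:shell,retrieve'`, so a model-driven shell session holds whatever the App is allowed to do on the repository. If the agent's inputs include issue or comment text (the `processInputs` call suggests so, but its body is outside the hunk), instructions embedded in that text could reach the credential. Request the token with only the `permission-*` inputs the agent needs. Also confirm the App's installation permissions do not exceed what `secrets.GITHUB_TOKEN` was limited to by this workflow's `permissions:` block.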

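--- a/.github/workflows/sync-from-public.yml
+++ b/.github/workflows/sync-from-public.yml
@@ -13,10 +13,17 @@ jobs:
 sync:
 runs-on: ubuntu-latest
 steps:
+- name: Generate GitHub App Token
+id: app-token
+uses: actions/create-github-app-token@v1
+with:
+app-id: ${{ vars.APP_ID }}
+private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
 - uses: actions/checkout@v4
 with:
 fetch-depth: 0
-token: ${{ secrets.GITHUB_TOKEN }}
+token: ${{ steps.app-token.outputs.token }}
 
 - name: Configure Git
 run: |
@@ -101,15 +108,22 @@ jobs:
 --head "$conflict_branch" || echo "⚠️ Failed to create PR"
 fi
 env:
-GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
 
 sync-preview:
 runs-on: ubuntu-latest
 steps:
+- name: Generate GitHub App Token
+id: app-token
+uses: actions/create-github-app-token@v1
+with:
+app-id: ${{ vars.APP_ID }}
+private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
 - uses: actions/checkout@v4
 with:
 fetch-depth: 0
-token: ${{ secrets.GITHUB_TOKEN }}
+token: ${{ steps.app-token.outputs.token }}
 
 - name: Configure Git
 run: |
@@ -194,4 +208,4 @@ jobs:
 --head "$conflict_branch" || echo "⚠️ Failed to create PR"
 fi
 env:
-GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+GH_TOKEN: ${{ steps.app-token.outputs.token }}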
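Review bot: Passing the App token as `token:` to `actions/checkout@v4` in both jobs stores it in the checkout's git configuration for the rest of the job, since `persist-credentials` defaults to true. Every later step, including the merge of content pulled from the public repository, therefore runs with that credential on disk. If the switch is meant to let pushes trigger downstream workflows, say so in a comment above the checkout, for example `# App token: pushes made with it trigger other workflows, unlike GITHUB_TOKEN`. Then confirm that the workflows it triggers do not expose further secrets to synced content. Both job bodies continue outside the hunks.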

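--- a/.github/workflows/sync-preview.yml
+++ b/.github/workflows/sync-preview.yml
@@ -52,6 +52,14 @@ jobs:
 echo "status=conflict" >> $GITHUB_OUTPUT
 fi
 
+- name: Generate GitHub App Token
+if: steps.merge.outputs.status == 'conflict'
+id: app-token
+uses: actions/create-github-app-token@v1
+with:
+app-id: ${{ vars.APP_ID }}
+private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
 - name: Get original commit author
 if: steps.merge.outputs.status == 'conflict'
 id: author
@@ -65,12 +73,12 @@ jobs:
 echo "name=$AUTHOR" >> $GITHUB_OUTPUT
 echo "gh_user=$GH_USER" >> $GITHUB_OUTPUT
 env:
-GH_TOKEN: ${{ github.token }}
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
 
 - name: Create PR for conflict resolution
 if: steps.merge.outputs.status == 'conflict'
 env:
-GH_TOKEN: ${{ github.token }}
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
 AUTHOR_NAME: ${{ steps.author.outputs.name }}
 AUTHOR_GH: ${{ steps.author.outputs.gh_user }}
 run: |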
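Review bot: "Get original commit author" now receives the App token in the second hunk, although its visible lines only write `name` and `gh_user` to `$GITHUB_OUTPUT`. If the step's API call is a read-only lookup (its body starts outside the hunk), the job's built-in token would be enough there. Limiting `${{ steps.app-token.outputs.token }}` to "Create PR for conflict resolution" narrows where the stronger credential is exposed. A short comment on the token step stating which permission the PR creation needs would make that boundary explicit.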
