Merged
13 changes: 13 additions & 0 deletions .github/workflows/qa.yml
Expand Up @@ -60,6 +60,7 @@ jobs:
SLACK_CHANNEL_ID: op://platform/slack-bot/SLACK_CHANNEL_ID
HARBOR_USER: op://platform/harbor/username
HARBOR_PASS: op://platform/harbor/password
PAT_TOKEN: op://platform/github-commit-pat/credential

# Label QA as running and notify Slack (only for non-draft PRs)
- name: Label QA as running
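Review bot: PAT_TOKEN is added to the same secret-loading env block as the Slack and Harbor credentials, so the credential that can push to main is resolved on every run of this job, while its only consumer in this patch is the release step gated on `github.event_name == 'push' && steps.version.outputs.tag == 'latest'`. Other steps in the same job run on pull_request events too (for example `bun run docs:helm`), and the later `${{ env.PAT_TOKEN }}` reference shows the value is exported to the job environment. Suggest loading op://platform/github-commit-pat/credential in a separate step that carries the same `if:` as the auto-commit step, so PR runs never hold a token with write access to main.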
Expand Down Expand Up @@ -127,6 +128,18 @@ jobs:
if: github.event_name == 'pull_request' || github.event_name == 'push'
run: bun run docs:helm

# Commit generated version metadata and README updates on release tags
- name: Auto-commit release assets
if: github.event_name == 'push' && steps.version.outputs.tag == 'latest'
uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v5
with:
commit_message: "chore(release): sync generated assets [skip ci]"
branch: main
file_pattern: 'package.json **/package.json charts/**/Chart.yaml charts/**/README.md README.md'
Comment on lines +131 to +138
[P1] Grant write permissions before auto-committing release assets

The new auto-commit step pushes generated files back to main, but the job’s permissions earlier in this workflow restrict the default GITHUB_TOKEN to contents: read. With read-only token scopes, git-auto-commit-action will fail when attempting to push on release tag runs, causing the QA workflow to fail. Either increase the job’s contents permission to write or use a separate PAT so the commit can actually be created.


github_token: ${{ env.PAT_TOKEN }}
commit_author_name: 'SettleMint Release Bot'
commit_author_email: 'support@settlemint.com'

- name: Docker meta
if: github.event_name == 'pull_request' || github.event_name == 'push'
id: meta
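Review bot: In the `with:` block of the auto-commit step, `github_token`, `commit_author_name` and `commit_author_email` are not input names I recognise for git-auto-commit-action v5. Its documented identity inputs are `commit_user_name`, `commit_user_email` and `commit_author`, and it pushes with whatever credentials the checkout step persisted rather than taking a token input. If that holds for the pinned commit, these three lines are ignored and the PAT never reaches the push, which leaves the read-only-token failure raised in the inline comment unresolved. Please check the names against action.yml at the pinned SHA and, if confirmed, pass the PAT through the checkout step's `token:` and rename the author inputs.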