Commit 4f82dac

docs(pkgbuilds): document shpit secret setup (#1)
1 parent da273f9 commit 4f82dac

1 file changed

Lines changed: 36 additions & 0 deletions

docs/setup.md

@@ -18,6 +18,13 @@ Result:
1818
- branch and PR creation use the repo `GITHUB_TOKEN`
1919
- `tabex-bin` and `osyrra-bin` update only if the repo has access to `SHPIT_GH_TOKEN`
2020
- AUR publishing is skipped without failing
21+
- upstream `tabex` and `osyrra` release workflows can also trigger this workflow automatically with `gh workflow run version-bumps.yml`, but that depends on `SHPIT_WORKFLOW_DISPATCH_TOKEN` being available in their Depot CI repo secrets
22+
23+
## GitHub UI Links
24+
25+
- create PAT: <https://github.com/settings/personal-access-tokens>
26+
- review active org PATs: <https://github.com/organizations/shpitdev/settings/personal-access-tokens/active>
27+
- manage org Actions secrets: <https://github.com/organizations/shpitdev/settings/secrets/actions>
2128

2229
## SHPIT_GH_TOKEN
2330

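Review bot: the bullet added at new line 21 says upstream-triggered runs depend on `SHPIT_WORKFLOW_DISPATCH_TOKEN` being available, but not what happens when it is missing, whereas the neighbouring bullets state their fallback ("update only if", "skipped without failing"). Say whether the producer release fails or only skips the dispatch in that case. In the new links list, "create PAT" could also state that a fine-grained token is meant, since the `SHPIT_WORKFLOW_DISPATCH_TOKEN` section added in this commit asks for one.
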
@@ -34,6 +41,35 @@ gh secret set SHPIT_GH_TOKEN \
3441

3542
If you later want to narrow or broaden repo access without changing the secret value, rerun the same command with a different repo list.
3643

44+
## SHPIT_WORKFLOW_DISPATCH_TOKEN
45+
46+
Create a fine-grained PAT that can trigger workflow dispatches in:
47+
48+
- `shpitdev/homebrew-tap`
49+
- `shpitdev/pkgbuilds`
50+
51+
Store that PAT as the GitHub org secret `SHPIT_WORKFLOW_DISPATCH_TOKEN` with `selected` visibility for these producer repos:
52+
53+
- `shpitdev/tabex`
54+
- `shpitdev/osyrra`
55+
56+
Those producer release workflows run in Depot CI, so GitHub org secrets are not enough on their own. Mirror the same secret into Depot for each producer repo with one of these paths:
57+
58+
```bash
59+
cd /home/anandpant/Development/shpitdev/tabex
60+
depot ci migrate secrets-and-vars -y
61+
62+
cd /home/anandpant/Development/shpitdev/osyrra
63+
depot ci migrate secrets-and-vars -y
64+
```
65+
66+
Or add the Depot secrets directly:
67+
68+
```bash
69+
depot ci secrets add SHPIT_WORKFLOW_DISPATCH_TOKEN --repo shpitdev/tabex
70+
depot ci secrets add SHPIT_WORKFLOW_DISPATCH_TOKEN --repo shpitdev/osyrra
71+
```
72+
3773
## Local Operator Flow
3874

3975
If you are logged into GitHub locally with `gh auth login`, you can run:
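
Review bot: the line `cd /home/anandpant/Development/shpitdev/tabex` and the matching osyrra line in the first bash block hard-code one operator's home directory, which will not resolve for anyone else and puts a local username in the docs; use a path relative to the checkout or a placeholder such as `cd <path-to>/tabex`. The sentence "Create a fine-grained PAT that can trigger workflow dispatches" should also name the repository permission to grant and a suggested expiry, so the token is not created broader than the two listed repos need. Since `depot ci migrate secrets-and-vars -y` reads as copying every secret and variable without a confirmation prompt, consider listing the `depot ci secrets add` path first as the narrower option and saying how the secret value is supplied to it.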
