Commit 2623b5f

ci: migrate GH_TOKEN_ADMIN to GitHub App token (#47)
## Summary

- Replace `GH_TOKEN_ADMIN` (PAT) with short-lived installation tokens via `actions/create-github-app-token@v3`.
- Add a token generation step to the `build_action` and `update-semver` jobs (each job needs its own token since tokens are revoked at job end).
- Update `splunk/semantic-release-action@v1.3` and `splunk/addonfactory-update-semver@v1` to consume `steps.app-token.outputs.token` via `GITHUB_TOKEN`.

Made with [Cursor](https://cursor.com)
2 parents afe615f + c7ac0c2 commit 2623b5f

1 file changed

Lines changed: 16 additions & 2 deletions

.github/workflows/main.yml

@@ -47,6 +47,13 @@ jobs:
4747
with:
4848
submodules: recursive
4949
persist-credentials: false
50+
- name: Generate GitHub App Token
51+
id: app-token
52+
uses: actions/create-github-app-token@v3
53+
with:
54+
client-id: ${{ secrets.GH_APP_CLIENT_ID }}
55+
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
56+
owner: ${{ github.repository_owner }}
5057
- name: Install yq
5158
run: sudo snap install yq
5259
- name: Set up QEMU
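Review bot: At new lines 54-56, `owner: ${{ github.repository_owner }}` is set without a `repositories` input, which per the action's documented behavior scopes the installation token to every repository the app is installed on under that owner, and no `permission-*` inputs narrow it from the app's full permission set. For a release job that only needs this repository, drop `owner` (the action then defaults to the current repository) or add `repositories: ${{ github.event.repository.name }}`, and request only the permissions the release needs, for example `permission-contents: write`.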
@@ -88,7 +95,7 @@ jobs:
8895

8996
- uses: splunk/semantic-release-action@v1.3
9097
env:
91-
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }}
98+
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
9299
with:
93100
git_committer_name: ${{ secrets.SA_GH_USER_NAME }}
94101
git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }}
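Review bot: At new line 98 the release step now authenticates as the GitHub App, but the unchanged `git_committer_name` and `git_committer_email` inputs at lines 100-101 still take the service account identity from `SA_GH_USER_NAME` / `SA_GH_USER_EMAIL`, so release commits carry one identity while the push is attributed to the app. Either document that this split is intended or switch the committer to the app's bot identity. The change description should also say that `GH_TOKEN_ADMIN` is to be revoked and deleted once no workflow references it, since a leftover admin PAT negates the benefit of the short-lived token.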
@@ -101,9 +108,16 @@ jobs:
101108
runs-on: ubuntu-latest
102109
steps:
103110
- uses: actions/checkout@v4
111+
- name: Generate GitHub App Token
112+
id: app-token
113+
uses: actions/create-github-app-token@v3
114+
with:
115+
client-id: ${{ secrets.GH_APP_CLIENT_ID }}
116+
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
117+
owner: ${{ github.repository_owner }}
104118
- uses: splunk/addonfactory-update-semver@v1
105119
env:
106-
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }}
120+
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
107121
with:
108122
git_committer_name: ${{ secrets.SA_GH_USER_NAME }}
109123
git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }}
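Review bot: The `actions/checkout@v4` step at line 110 has no `persist-credentials: false`, unlike the checkout in the first hunk (line 49), so the default workflow token stays in the local git config for the rest of this job alongside the new app token. Add `with:` and `persist-credentials: false` here for consistency unless `splunk/addonfactory-update-semver@v1` relies on the persisted credential. The token step at lines 111-117 also references `actions/create-github-app-token@v3` by a mutable tag while receiving `GH_APP_PRIVATE_KEY`; pinning it to a full commit SHA in both jobs would be safer.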
