diff --git a/.github/workflows/add_new_versions.yml b/.github/workflows/add_new_versions.yml
index d914e04..9692fce 100644
--- a/.github/workflows/add_new_versions.yml
+++ b/.github/workflows/add_new_versions.yml
@@ -5,12 +5,10 @@ on:
   schedule:
     - cron: "0 0 * * 3"
-
 permissions:
   contents: write
   pull-requests: write
-
 jobs:
   generate_and_raise_pr:
     runs-on: ubuntu-latest
@@ -34,11 +32,25 @@ jobs:
           python -u workflow_scripts/check-for-new-versions.py
         env:
           EXCLUDED_VERSIONS: "v20.10.x,v23.0.x,v25.0.x,v26.1.x"
+
+      - name: Read App Secrets
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ;
+            secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY
+
+      - name: Create App Token
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ env.APP_ID }}
+          private-key: ${{ env.PRIVATE_KEY }}
       - name: check if the PR exist
         if: ${{ env.PR_TITLE != '' }}
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
           PR_TITLE: ${{env.PR_TITLE}}
         run: |
           EXISTING_PR=$(gh pr list --limit 1500 --json title,url | jq --arg title "${PR_TITLE}" -r '.[] | select(.title==$title) | .url')
@@ -76,7 +88,7 @@ jobs:
         id: cpr
         env:
           SOURCE_BRANCH: ${{ steps.branch.outputs.branch }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
           PR_TITLE: ${{env.PR_TITLE}}
           PR_BODY: autogenerated PR to add docker ${{env.NEW_VERSIONS}}
         run: |
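Review bot: In the "Read App Secrets" step of the second hunk, `uses: rancher-eio/read-vault-secrets@main` pins a third-party action to a mutable branch, so whatever that branch points to at run time executes with access to the GitHub App private key; pin it to a full commit SHA with the version in a trailing comment, e.g. `uses: rancher-eio/read-vault-secrets@<commit-sha>  # <tag>`, and consider the same SHA pin for `actions/create-github-app-token@v1`. Both credentials are then exported into the job environment (`env.APP_ID`, `env.PRIVATE_KEY`), which means every later step, including the `gh`/`jq` shell steps, can read the private key, so keep that in mind when adding steps to this job. The Vault read looks OIDC-based; if so, the `permissions` block shown as context in the first hunk also needs `id-token: write`, and since both `secrets.GITHUB_TOKEN` uses (here and in the third hunk) are replaced by the app token, the `contents: write` / `pull-requests: write` grants may be narrowable to what the remaining steps still need. The enclosing `steps` list starts and ends outside the hunk.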