Merge pull request #220 from chiukapoor/github-app-token

Add github app token in checkout step
rancher · Nov 12, 2024 · 7db41a1 · 7db41a1
2 parents 2d8790a + 568020c
commit 7db41a1
Showing 1 changed file with 18 additions and 16 deletions.
diff --git a/.github/workflows/add_new_versions.yml b/.github/workflows/add_new_versions.yml
@@ -14,8 +14,24 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Read App Secrets
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ;
+            secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY
+
+      - name: Create App Token
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ env.APP_ID }}
+          private-key: ${{ env.PRIVATE_KEY }}
+
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
 
       - uses: actions/setup-python@v5
         with:
@@ -32,25 +48,11 @@ jobs:
           python -u workflow_scripts/check-for-new-versions.py
         env:
           EXCLUDED_VERSIONS: "v20.10.x,v23.0.x,v25.0.x,v26.1.x"
-
-      - name: Read App Secrets
-        uses: rancher-eio/read-vault-secrets@main
-        with:
-          secrets: |
-            secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ;
-            secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY
-
-      - name: Create App Token
-        uses: actions/create-github-app-token@v1
-        id: app-token
-        with:
-          app-id: ${{ env.APP_ID }}
-          private-key: ${{ env.PRIVATE_KEY }}
 
       - name: check if the PR exist
         if: ${{ env.PR_TITLE != '' }}
         env:
-          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
           PR_TITLE: ${{env.PR_TITLE}}
         run: |
           EXISTING_PR=$(gh pr list --limit 1500 --json title,url | jq --arg title "${PR_TITLE}" -r '.[] | select(.title==$title) | .url')
@@ -88,7 +90,7 @@ jobs:
         id: cpr
         env:
           SOURCE_BRANCH: ${{ steps.branch.outputs.branch }}
-          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
           PR_TITLE: ${{env.PR_TITLE}}
           PR_BODY: autogenerated PR to add docker ${{env.NEW_VERSIONS}}
         run: |