diff --git a/.github/workflows/gitflow.yml b/.github/workflows/gitflow.yml index 70df2af..ff0c3c7 100644 --- a/.github/workflows/gitflow.yml +++ b/.github/workflows/gitflow.yml @@ -53,9 +53,18 @@ on: default: 'changelog.md' required: false secrets: - TOKEN: + GITHUB_TOKEN: description: 'GitHub token (Default: GitHub Action token)' required: false + GITHUB_APP_ID: + description: 'GitHub app id for fetching GitHub token' + required: false + GITHUB_APP_PRIVATE_KEY: + description: 'GitHub app private key for fetching GitHub token' + required: false + GITHUB_APP_OWNER: + description: 'GitHub app owner for fetching GitHub token' + required: false env: MAIN_BRANCH: ${{ inputs.MAIN_BRANCH || 'main' }} @@ -66,7 +75,10 @@ env: VERSION_EXPRESSION: ${{ inputs.VERSION_EXPRESSION || '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' }} VERSION_HEADER: ${{ inputs.VERSION_HEADER || '## ' }} CHANGELOG: ${{ inputs.CHANGELOG || 'changelog.md' }} - GITHUB_TOKEN: ${{ secrets.TOKEN || github.token }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN || github.token }} + GITHUB_APP_ID: ${{ secrets.GITHUB_APP_ID }} + GITHUB_APP_PRIVATE_KEY: ${{ secrets.GITHUB_APP_PRIVATE_KEY }} + GITHUB_APP_OWNER: ${{ secrets.GITHUB_APP_OWNER }} SOURCE_BRANCH: ${{ github.event.pull_request.head.ref }} SOURCE_COMMIT: ${{ github.event.pull_request.head.sha }} DESTINATION_BRANCH: ${{ github.event.pull_request.base.ref }} @@ -76,6 +88,21 @@ jobs: gitflow: runs-on: ubuntu-latest steps: + - name: Fetching GitHub Token + id: fetching-github-token + if: ${{ env.GITHUB_APP_ID && env.GITHUB_APP_PRIVATE_KEY && env.GITHUB_APP_OWNER }} + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ env.GITHUB_APP_ID }} + private-key: ${{ env.GITHUB_APP_PRIVATE_KEY }} + owner: ${{ env.GITHUB_APP_OWNER }} + + - name: Using GitHub Token + if: ${{ env.GITHUB_APP_ID && env.GITHUB_APP_PRIVATE_KEY && env.GITHUB_APP_OWNER }} + run: | + echo '::add-mask::${{ steps.fetching-github-token.outputs.token }}' + echo 'GITHUB_TOKEN=${{ steps.fetching-github-token.outputs.token }}' >> $GITHUB_ENV + - name: Check branch id: check-branch run: | diff --git a/changelog.md b/changelog.md index 4c1a5bd..e8b0179 100644 --- a/changelog.md +++ b/changelog.md @@ -1,3 +1,7 @@ +## 2.2.0 + +- feature: support fetching github token from github app + ## 2.1.2 - fix: solve issue that DEVELOP_BRANCH input is not used diff --git a/readme.md b/readme.md index 4937ec6..f4749e5 100644 --- a/readme.md +++ b/readme.md @@ -34,7 +34,10 @@ A implementation of workflows of GitHub Actions to support using gitflow on GitH # VERSION_HEADER: ... # Default: '## ' # CHANGELOG: ... # Default: 'changelog.md' # secrets: - # TOKEN: ... # Default: Github Action token + # GITHUB_TOKEN: ... # Default: GitHub Action token + # GITHUB_APP_ID: ... # Default: GitHub App ID for fetching GitHub token + # GITHUB_APP_PRIVATE_KEY: ... # Default: GitHub App ID for fetching GitHub token + # GITHUB_APP_OWNER: ... # Default: GitHub App ID for fetching GitHub token ``` 4. Set `Workflow permissions` as checking `Read and write permissions` and `Allow GitHub Actions to create and approve pull requests`. 5. Do not check `Automatically delete head branches`.