From b3911285bbf01d32197b81fdafef95bd597c620c Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 26 Mar 2025 17:12:09 +0100 Subject: [PATCH] Use the official GitHub Action to obtain installation access tokens When I committed the first workflow in e84a016 (Add a workflow to synchronize refs from git/git to gitgitgadget/git, 2023-08-18), I had missed the first public release of `actions/create-github-app-token` by _mere days_: The first version of that GitHub Action to be officially published to the GitHub Marketplace was v1.1.0, on August 22nd, 2023: https://github.com/actions/create-github-app-token/releases/tag/v1.1.0, i.e. a mere 4 days after I had committed the initial version of the `sync-ref` workflow. That was the reason why, when I scoured around for a GitHub Action that could be used to obtain an installation access token, I only found a third-party one. I don't exactly remember how I got aware of the official Action provided by GitHub itself, but I know that I immediately opened https://github.com/gitgitgadget/gitgitgadget-workflows/issues/5 so that I wouldn't forget to eventually migrate to that Action. This commit is it. With this, we switch from that 3rd-party Action to the official GitHub one. Signed-off-by: Johannes Schindelin --- .github/workflows/sync-git-gui.yml | 13 +++++++++---- .github/workflows/sync-gitster-git.yml | 13 +++++++++---- .github/workflows/sync-ref.yml | 13 +++++++++---- 3 files changed, 27 insertions(+), 12 deletions(-) diff --git a/.github/workflows/sync-git-gui.yml b/.github/workflows/sync-git-gui.yml index efd8d62..2158135 100644 --- a/.github/workflows/sync-git-gui.yml +++ b/.github/workflows/sync-git-gui.yml @@ -25,6 +25,10 @@ jobs: id: check with: script: | + const [targetRepoOwner, targetRepoName] = process.env.TARGET_REPOSITORY.split('/') + core.setOutput('target-repo-owner', targetRepoOwner) + core.setOutput('target-repo-name', targetRepoName) + const sleep = async (milliseconds) => { return new Promise(resolve => setTimeout(resolve, milliseconds)) } @@ -109,12 +113,13 @@ jobs: core.setOutput('to-fetch', [...toFetch].join(' ')) - name: obtain installation token if: steps.check.outputs.refspec != '' - uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + uses: actions/create-github-app-token@v1 id: token with: - app_id: ${{ secrets.GITGITGADGET_GITHUB_APP_ID }} - private_key: ${{ secrets.GITGITGADGET_GITHUB_APP_PRIVATE_KEY }} - repository: ${{ env.TARGET_REPOSITORY }} + app-id: ${{ secrets.GITGITGADGET_GITHUB_APP_ID }} + private-key: ${{ secrets.GITGITGADGET_GITHUB_APP_PRIVATE_KEY }} + owner: ${{ steps.check.outputs.target-repo-owner }} + repositories: ${{ steps.check.outputs.target-repo-name }} - name: set authorization header if: steps.check.outputs.refspec != '' uses: actions/github-script@v7 diff --git a/.github/workflows/sync-gitster-git.yml b/.github/workflows/sync-gitster-git.yml index 409f4f4..0e7ca50 100644 --- a/.github/workflows/sync-gitster-git.yml +++ b/.github/workflows/sync-gitster-git.yml @@ -24,6 +24,10 @@ jobs: id: check with: script: | + const [targetRepoOwner, targetRepoName] = process.env.TARGET_REPOSITORY.split('/') + core.setOutput('target-repo-owner', targetRepoOwner) + core.setOutput('target-repo-name', targetRepoName) + const sleep = async (milliseconds) => { return new Promise(resolve => setTimeout(resolve, milliseconds)) } @@ -95,12 +99,13 @@ jobs: core.setOutput('to-fetch', [...toFetch].join(' ')) - name: obtain installation token if: steps.check.outputs.refspec != '' - uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + uses: actions/create-github-app-token@v1 id: token with: - app_id: ${{ secrets.GITGITGADGET_GITHUB_APP_ID }} - private_key: ${{ secrets.GITGITGADGET_GITHUB_APP_PRIVATE_KEY }} - repository: ${{ env.TARGET_REPOSITORY }} + app-id: ${{ secrets.GITGITGADGET_GITHUB_APP_ID }} + private-key: ${{ secrets.GITGITGADGET_GITHUB_APP_PRIVATE_KEY }} + owner: ${{ steps.check.outputs.target-repo-owner }} + repositories: ${{ steps.check.outputs.target-repo-name }} - name: set authorization header if: steps.check.outputs.refspec != '' uses: actions/github-script@v7 diff --git a/.github/workflows/sync-ref.yml b/.github/workflows/sync-ref.yml index e1f86fe..0b13510 100644 --- a/.github/workflows/sync-ref.yml +++ b/.github/workflows/sync-ref.yml @@ -30,6 +30,10 @@ jobs: id: check with: script: | + const [targetRepoOwner, targetRepoName] = process.env.TARGET_REPOSITORY.split('/') + core.setOutput('target-repo-owner', targetRepoOwner) + core.setOutput('target-repo-name', targetRepoName) + const getSHA = async (repository, ref) => { if (ref.startsWith('refs/heads/') || ref.startsWith('refs/tags/')) ref = ref.substring(4) else throw new Error(`Cannot handle ref '${ref}`) @@ -60,12 +64,13 @@ jobs: core.setOutput('target-sha', targetSHA || '') - name: obtain installation token if: steps.check.outputs.skip == 'false' - uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + uses: actions/create-github-app-token@v1 id: token with: - app_id: ${{ secrets.GITGITGADGET_GITHUB_APP_ID }} - private_key: ${{ secrets.GITGITGADGET_GITHUB_APP_PRIVATE_KEY }} - repository: ${{ env.TARGET_REPOSITORY }} + app-id: ${{ secrets.GITGITGADGET_GITHUB_APP_ID }} + private-key: ${{ secrets.GITGITGADGET_GITHUB_APP_PRIVATE_KEY }} + owner: ${{ steps.check.outputs.target-repo-owner }} + repositories: ${{ steps.check.outputs.target-repo-name }} - name: set authorization header if: steps.check.outputs.skip == 'false' uses: actions/github-script@v7