diff --git a/.github/workflows/gen-client.yml b/.github/workflows/gen-client.yml
index dc81fd8..e6d482b 100644
--- a/.github/workflows/gen-client.yml
+++ b/.github/workflows/gen-client.yml
@@ -10,14 +10,31 @@ jobs:
 timeout-minutes: 30
 runs-on: ubuntu-latest
 steps:
+ - name: Generate GitHub App token
+ id: app-token
+ uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3
+ with:
+ app-id: ${{ secrets.CQ_APP_ID }}
+ private-key: ${{ secrets.CQ_APP_PRIVATE_KEY }}
+ permission-contents: write
+ permission-pull-requests: write
+ - name: Generate GitHub App token for cloud repo
+ id: app-token-cloud
+ uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3
+ with:
+ app-id: ${{ secrets.CQ_APP_ID }}
+ private-key: ${{ secrets.CQ_APP_PRIVATE_KEY }}
+ repositories: |
+ cloud
+ permission-contents: read
 - name: Checkout
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
- token: ${{ secrets.GH_CQ_BOT }}
+ token: ${{ steps.app-token.outputs.token }}
 - name: Get Specs File
 run: |
- curl -H "Authorization: token ${{ secrets.GH_CQ_BOT }}" https://raw.githubusercontent.com/cloudquery/cloud/main/cloud/internal/servergen/spec.json -o spec.json
+ curl -H "Authorization: token ${{ steps.app-token-cloud.outputs.token }}" https://raw.githubusercontent.com/cloudquery/cloud/main/cloud/internal/servergen/spec.json -o spec.json
 - name: Format Specs File
 run: |
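Review bot: The `curl` in the "Get Specs File" step of gen-client.yml has no `--fail`, so if the new installation token is rejected or lacks access to the `cloud` repository, the HTTP error body is written to `spec.json` and the job carries on into formatting and generation. This commit changes the credential type, so that failure mode is worth closing with `curl --fail -sS -H "Authorization: token $CLOUD_TOKEN" <same URL> -o spec.json`. Passing the token through the step's `env:` as `CLOUD_TOKEN: ${{ steps.app-token-cloud.outputs.token }}` also keeps the `${{ }}` expression out of the shell script text. The steps list continues outside the hunk.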
@@ -38,11 +55,10 @@ jobs:
 uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8
 with:
 # required so the PR triggers workflow runs
- token: ${{ secrets.GH_CQ_BOT }}
+ token: ${{ steps.app-token.outputs.token }}
 branch: fix/gen-cloudquery-api
 base: main
 title: 'fix: Generate CloudQuery Go API Client from `spec.json`'
 commit-message: 'fix: Generate CloudQuery Go API Client from `spec.json`'
 body: This PR was created by a scheduled workflow to generate the CloudQuery Go API Client from `spec.json`
- author: cq-bot
 labels: automerge
diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml
index fa76947..9350acf 100644
--- a/.github/workflows/release-pr.yml
+++ b/.github/workflows/release-pr.yml
@@ -12,10 +12,27 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
+ - name: Generate GitHub App token
+ id: app-token
+ uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3
+ with:
+ app-id: ${{ secrets.CQ_APP_ID }}
+ private-key: ${{ secrets.CQ_APP_PRIVATE_KEY }}
+ permission-contents: write
+ permission-pull-requests: write
+ - name: Generate GitHub App token for .github repo
+ id: app-token-github
+ uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3
+ with:
+ app-id: ${{ secrets.CQ_APP_ID }}
+ private-key: ${{ secrets.CQ_APP_PRIVATE_KEY }}
+ repositories: |
+ .github
+ permission-actions: write
 - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4
 id: release
 with:
- token: ${{ secrets.GH_CQ_BOT }}
+ token: ${{ steps.app-token.outputs.token }}
 - name: Parse semver string
 if: steps.release.outputs.release_created
 id: semver_parser
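Review bot: In gen-client.yml's create-pull-request step, dropping `author: cq-bot` together with the token swap changes the identity the PR and its commits are attributed to, while the step still applies `labels: automerge`. If any automerge rule, branch-protection bypass or CODEOWNERS entry is keyed on the old bot identity (not visible in this diff), it will stop matching or will need to be re-granted to the app. Consider setting `author:` and `committer:` explicitly to the app's bot identity so attribution is deterministic, and confirm the automerge gate against the new actor. The step begins above the hunk.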
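Review bot: In release-pr.yml the `app-token-github` step mints a token with `permission-actions: write` for the `.github` repository on every run, but its only visible consumer, the github-script dispatch step in the following hunk, runs only when `steps.release.outputs.release_created && steps.semver_parser.outputs.prerelease == ''`. Moving that token step to just before the dispatch step and giving it the same `if:` would keep the write-scoped credential from existing in runs that never use it. A one-line comment on the first token step would also help, for example `# no repositories: input, so the token is limited to this repository`. The steps list continues outside the hunk.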
@@ -34,7 +51,7 @@ jobs:
 uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
 if: steps.release.outputs.release_created && steps.semver_parser.outputs.prerelease == ''
 with:
- github-token: ${{ secrets.GH_CQ_BOT }}
+ github-token: ${{ steps.app-token-github.outputs.token }}
 script: |
 github.rest.actions.createWorkflowDispatch({
 owner: 'cloudquery',