From b8ad4e0bb4e12fecf76e570c6c1852496bd2c116 Mon Sep 17 00:00:00 2001
From: Dimitris Sotirakis
Date: Wed, 21 Jun 2023 16:32:58 +0300
Subject: [PATCH] [v9.4.x] GitHub Apps: Replace grafanabot token with grafana-delivery-bot GitHub App (#70457)
* GitHub Apps: Replace `grafanabot` token with `grafana-delivery-bot` GitHub App (#70242)
* Update bump-version.yml
* Fix secret
* [REVERTME] Remove check
* Test without grafana-delivery-bot prefix
* Check if token exists
* Cleanup bump-version
* Update gh actions to use app key
(cherry picked from commit 15a85686c25d7588d4e7564a3a7d67b71440f91d)
# Conflicts:
# .github/workflows/backport.yml
# .github/workflows/bump-version.yml
# .github/workflows/milestone.yml
# .github/workflows/update-changelog.yml
* Bug: Fix `yaml` identation for github action yamls (#70445)
* Fix yaml identation
* Fix the rest of the yamls
(cherry picked from commit 31b9f9d235c81653de28cc014b3d4497764994f1)
---
.github/workflows/backport.yml | 8 +++++-
.github/workflows/bump-version.yml | 14 ++++++++---
.github/workflows/close-milestone.yml | 8 +++++-
.github/workflows/github-release.yml | 12 ++++++---
.github/workflows/milestone.yml | 34 +++++++++++++++++---------
.github/workflows/remove-milestone.yml | 8 +++++-
.github/workflows/update-changelog.yml | 10 ++++++--
7 files changed, 71 insertions(+), 23 deletions(-)
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index 1d46d8d57db..df3973f571c 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -17,10 +17,16 @@ jobs: ref: main - name: Install Actions run: npm install --production --prefix ./actions + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} - name: Run backport uses: ./actions/backport with: metricsWriteAPIKey: ${{secrets.GRAFANA_MISC_STATS_API_KEY}} - token: ${{secrets.GH_BOT_ACCESS_TOKEN}} + token: ${{ steps.generate_token.outputs.token }} labelsToAdd: "backport,no-changelog" title: "[{{base}}] {{originalTitle}}" diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index b07cf46eeba..c8458a4846a 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -6,12 +6,12 @@ on: description: 'Needs to match, exactly, the name of a milestone. The version to be released please respect: major.minor.patch or major.minor.patch-beta format. example: 7.4.3 or 7.4.3-beta1' required: true env: - YARN_ENABLE_IMMUTABLE_INSTALLS: false + YARN_ENABLE_IMMUTABLE_INSTALLS: false jobs: main: runs-on: ubuntu-latest steps: - # This is a basic workflow to help you get started with Actions + # This is a basic workflow to help you get started with Actions - uses: actions-ecosystem/action-regex-match@v2.0.2 if: ${{ github.event.inputs.version != '' }} id: regex-match 
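Review bot: The added "Generate token" step in backport.yml mints an installation token with no `permissions` input, so the token handed to `./actions/backport` carries every permission the grafana-delivery-bot App holds on the installation. tibdex/github-app-token accepts a JSON-stringified `permissions` input (confirm it at the pinned commit), so each workflow can request only what its action needs, for example `permissions: '{"contents":"write","pull_requests":"write"}'`; that set is illustrative and has to be checked against what the backport action actually calls. The narrowing matters because the consuming code is checked out at `ref: main` and installed with `npm install`, both visible in the context lines, so whatever is on that branch at run time receives the token. The same unscoped step is repeated in bump-version.yml, close-milestone.yml, github-release.yml, remove-milestone.yml and update-changelog.yml. The job body starts above this hunk.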
@@ -68,8 +68,14 @@ jobs: node-version: '16' - name: Install Actions run: npm install --production --prefix ./actions - - name: Run bump version (manually invoked) + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} + - name: Run bump version (manually invoked) uses: ./actions/bump-version with: - token: ${{ secrets.GH_BOT_ACCESS_TOKEN }} + token: ${{ steps.generate_token.outputs.token }} metricsWriteAPIKey: ${{ secrets.GRAFANA_MISC_STATS_API_KEY }} diff --git a/.github/workflows/close-milestone.yml b/.github/workflows/close-milestone.yml index e798f0cd4bf..2aa9c52b4b6 100644 --- a/.github/workflows/close-milestone.yml +++ b/.github/workflows/close-milestone.yml @@ -26,11 +26,17 @@ jobs: ref: main - name: Install Actions run: npm install --production --prefix ./actions + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} - name: Close milestone (manually invoked) if: ${{ github.event.inputs.version != '' }} uses: ./actions/close-milestone with: - token: ${{ secrets.GH_BOT_ACCESS_TOKEN }} + token: ${{ steps.generate_token.outputs.token }} - name: Close milestone (workflow invoked) if: ${{ inputs.version_call != '' }} uses: ./actions/close-milestone diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml index f0223cfdcca..677217aaf91 100644 --- a/.github/workflows/github-release.yml +++ b/.github/workflows/github-release.yml @@ -3,7 +3,7 @@ on: workflow_dispatch: inputs: version: - required: true + required: true description: Needs to match, exactly, the name of a milestone (NO v prefix) jobs: main: 
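Review bot: In close-milestone.yml only the "Close milestone (manually invoked)" step is switched to `steps.generate_token.outputs.token`; the "Close milestone (workflow invoked)" step begins on the hunk's last lines and its `with:` block lies outside the hunk, so it may still read a caller-supplied `secrets.token`. If it does, the `workflow_call` path keeps depending on whatever credential the caller passes, and the token generated a few lines earlier goes unused on that path. Since the token step runs unconditionally in this job, the second step can take `token: ${{ steps.generate_token.outputs.token }}` as well, and a `token` secret declared for `workflow_call`, if there is one, can then be removed. The remove-milestone.yml hunk has the same shape.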
@@ -14,11 +14,17 @@ jobs: with: repository: "grafana/grafana-github-actions" path: ./actions - ref: main + ref: main - name: Install Actions run: npm install --production --prefix ./actions + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} - name: Run github release action uses: ./actions/github-release with: - token: ${{secrets.GH_BOT_ACCESS_TOKEN}} + token: ${{ steps.generate_token.outputs.token }} metricsWriteAPIKey: ${{secrets.GRAFANA_MISC_STATS_API_KEY}} diff --git a/.github/workflows/milestone.yml b/.github/workflows/milestone.yml index d4238e61a2a..15fe2780c4e 100644 --- a/.github/workflows/milestone.yml +++ b/.github/workflows/milestone.yml 
@@ -7,15 +7,27 @@ on: required: true jobs: call-remove-milestone: - uses: grafana/grafana/.github/workflows/remove-milestone.yml@main - with: - version_call: ${{ github.event.inputs.version_input }} - secrets: - token: ${{ secrets.GH_BOT_ACCESS_TOKEN }} + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} + - uses: grafana/grafana/.github/workflows/remove-milestone.yml@main + with: + version_call: ${{ github.event.inputs.version_input }} + secrets: + token: ${{ steps.generate_token.outputs.token }} call-close-milestone: - uses: grafana/grafana/.github/workflows/close-milestone.yml@main - with: - version_call: ${{ github.event.inputs.version_input }} - secrets: - token: ${{ secrets.GH_BOT_ACCESS_TOKEN }} - needs: call-remove-milestone \ No newline at end of file + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} + - uses: grafana/grafana/.github/workflows/close-milestone.yml@main + with: + version_call: ${{ github.event.inputs.version_input }} + secrets: + token: ${{ steps.generate_token.outputs.token }} + needs: call-remove-milestone diff --git a/.github/workflows/remove-milestone.yml b/.github/workflows/remove-milestone.yml index 78305864e09..0015c34e91d 100644 --- a/.github/workflows/remove-milestone.yml +++ b/.github/workflows/remove-milestone.yml 
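Review bot: Both jobs in milestone.yml now hold a list of steps directly under the job key, with no `runs-on:` or `steps:` among the added lines, and call the reusable workflow from a step-style `- uses:` entry. A reusable workflow can only be called with `uses:` at job level, a calling job cannot contain steps, and the `steps` context is not available in its `secrets:` block, so `${{ steps.generate_token.outputs.token }}` has nothing to resolve against; indentation is lost in this view, so confirm against the file, but as written the workflow would most likely be rejected and the milestone automation would not run. Because close-milestone.yml and remove-milestone.yml now generate the token themselves, the caller can return to a plain job-level call and pass down only the two App secrets, as sketched below. That assumes the called workflows declare those two secrets under `on.workflow_call.secrets`, which is not visible here.

```yaml
  call-remove-milestone:
    uses: grafana/grafana/.github/workflows/remove-milestone.yml@main
    with:
      version_call: ${{ github.event.inputs.version_input }}
    secrets:
      GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
      GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
  # … call-close-milestone: same shape, calling close-milestone.yml and keeping `needs: call-remove-milestone` …
```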
@@ -26,11 +26,17 @@ jobs: ref: main - name: Install Actions run: npm install --production --prefix ./actions + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} - name: Remove milestone from open issues (manually invoked) if: ${{ github.event.inputs.version != '' }} uses: ./actions/remove-milestone with: - token: ${{ secrets.GH_BOT_ACCESS_TOKEN }} + token: ${{ steps.generate_token.outputs.token }} - name: Remove milestone from open issues (workflow invoked) if: ${{ inputs.version_call != '' }} uses: ./actions/remove-milestone diff --git a/.github/workflows/update-changelog.yml b/.github/workflows/update-changelog.yml index 003d1266cc1..8c0ef3cd98e 100644 --- a/.github/workflows/update-changelog.yml +++ b/.github/workflows/update-changelog.yml @@ -9,6 +9,12 @@ jobs: main: runs-on: ubuntu-latest steps: + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} - name: Checkout Actions uses: actions/checkout@v3 with: @@ -17,8 +23,8 @@ jobs: ref: main - name: Install Actions run: npm install --production --prefix ./actions - - name: Run update changelog (manually invoked) + - name: Run update changelog (manually invoked) uses: ./actions/update-changelog with: - token: ${{ secrets.GH_BOT_ACCESS_TOKEN }} + token: ${{ steps.generate_token.outputs.token }} metricsWriteAPIKey: ${{ secrets.GRAFANA_MISC_STATS_API_KEY }}
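Review bot: In update-changelog.yml the "Generate token" step is placed first, ahead of "Checkout Actions" and `npm install --production`, whereas the other workflows in this patch insert it after the install step, directly before the step that consumes it. Minting the credential only when it is about to be used keeps its live window as short as possible while third-party install code runs, and keeps the workflows uniform for review. Moving the six added lines below "Install Actions" would achieve that without any other change. The job's steps are split across two hunks here, so the full ordering should be checked in the file.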