From c36d51c8461d41d70bd6f65534427e3650bef150 Mon Sep 17 00:00:00 2001
From: Alexander Weaver
Date: Wed, 17 Jan 2024 11:05:49 -0600
Subject: [PATCH] [v10.0.x] Chore: Use Github App credentials for pr-commands.yml workflow (#80740)

* manual backport
* Backport all changes from this file
---
 .github/workflows/pr-commands.yml | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pr-commands.yml b/.github/workflows/pr-commands.yml
index 9a882dbf3d9..747593eac27 100644
--- a/.github/workflows/pr-commands.yml
+++ b/.github/workflows/pr-commands.yml
@@ -8,20 +8,44 @@ on:
 concurrency:
 group: pr-commands-${{ github.event.number }}
 jobs:
+ config:
+ runs-on: "ubuntu-latest"
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - name: "Check for secrets"
+ id: check
+ shell: bash
+ run: |
+ if [ -n "${{ (secrets.GRAFANA_PR_AUTOMATION_APP_ID != '' &&
+ secrets.GRAFANA_PR_AUTOMATION_APP_PEM != '' &&
+ secrets.GRAFANA_MISC_STATS_API_KEY != ''
+ ) || '' }}" ]; then
+ echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+ fi
+
 main:
+ needs: config
+ if: needs.config.outputs.has-secrets
 runs-on: ubuntu-latest
 steps:
 - name: Checkout Actions
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 repository: "grafana/grafana-github-actions"
 path: ./actions
 ref: main
 - name: Install Actions
 run: npm install --production --prefix ./actions
+ - name: "Generate token"
+ id: generate_token
+ uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+ with:
+ app_id: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_ID }}
+ private_key: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_PEM }}
 - name: Run Commands
 uses: ./actions/commands
 with:
 metricsWriteAPIKey: ${{secrets.GRAFANA_MISC_STATS_API_KEY}}
- token: ${{secrets.GH_BOT_ACCESS_TOKEN}}
- configPath: pr-commands
+ token: ${{ steps.generate_token.outputs.token }}
+ configPath: pr-commands
\ No newline at end of file
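Review bot: The `Generate token` step requests an installation token without the action's `permissions` input, so the `token:` handed to `Run Commands` carries every permission the GitHub App installation has rather than only what the commands action needs. That matters here because the context lines show `./actions/commands` is checked out from `grafana/grafana-github-actions` at `ref: main` and installed with `npm install`, a mutable ref, whereas the token action itself is pinned to a commit SHA. Consider adding a scoped `permissions:` entry under the step's `with:` (for example `permissions: '{"pull_requests": "write"}'` as a constructed sample; the real scope list has to be confirmed against what the commands action calls) and pinning `ref:` to a commit. The workflow's trigger and any top-level `permissions:` block sit outside the hunk, so how exposed this job is to untrusted PR content cannot be judged from here.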