[infra] use huppy token for publish-new (#1687)

This PR sets up our publish-new script to use Huppy's GH token. At the
same time I added huppy to a list of actors who are allowed to override
the branch protection rules for `main` so hopefully next time we run the
release script the push will succeed and the release will therefore also
succeed. I will create a test repo to see if that works and if it does
I'll merge this.

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version
This commit is contained in:
David Sheldrick 2023-06-30 17:00:04 +01:00 committed by GitHub
parent b96d207f5f
commit b5edaeb950
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 21 deletions

View file

@ -12,13 +12,6 @@ jobs:
runs-on: ubuntu-latest-16-cores-open runs-on: ubuntu-latest-16-cores-open
steps: steps:
- name: tldraw-repo-sync token
id: tldraw-repo-sync
uses: getsentry/action-github-app-token@v2
with:
app_id: ${{ secrets.HUPPY_APP_ID }}
private_key: ${{ secrets.HUPPY_APP_PRIVATE_KEY }}
- name: Check out code - name: Check out code
uses: actions/checkout@v3 uses: actions/checkout@v3
with: with:

View file

@ -13,14 +13,7 @@ jobs:
runs-on: ubuntu-latest-16-cores-open runs-on: ubuntu-latest-16-cores-open
steps: steps:
- name: tldraw-repo-sync token - name: Check out code
id: tldraw-repo-sync
uses: getsentry/action-github-app-token@v2
with:
app_id: ${{ secrets.HUPPY_APP_ID }}
private_key: ${{ secrets.HUPPY_APP_PRIVATE_KEY }}
- name: Check out code
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Setup Node.js environment - name: Setup Node.js environment

View file

@ -12,9 +12,9 @@ jobs:
runs-on: ubuntu-latest-16-cores-open runs-on: ubuntu-latest-16-cores-open
steps: steps:
- name: tldraw-repo-sync token - name: Generate GH token
id: tldraw-repo-sync id: generate_token
uses: getsentry/action-github-app-token@v2 uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
with: with:
app_id: ${{ secrets.HUPPY_APP_ID }} app_id: ${{ secrets.HUPPY_APP_ID }}
private_key: ${{ secrets.HUPPY_APP_PRIVATE_KEY }} private_key: ${{ secrets.HUPPY_APP_PRIVATE_KEY }}
@ -22,7 +22,7 @@ jobs:
- name: Check out code - name: Check out code
uses: actions/checkout@v3 uses: actions/checkout@v3
with: with:
token: ${{ secrets.STEVES_PUBLISH_TOKEN }} token: ${{ steps.generate_token.outputs.token }}
- name: Prepare repository - name: Prepare repository
# Fetch full git history and tags for auto # Fetch full git history and tags for auto
@ -42,8 +42,11 @@ jobs:
run: yarn run: yarn
- name: Publish - name: Publish
run: yarn tsx ./scripts/publish-new.ts run: |
git config --global user.name 'huppy-bot[bot]'
git config --global user.email '128400622+huppy-bot[bot]@users.noreply.github.com'
yarn tsx ./scripts/publish-new.ts
env: env:
GH_TOKEN: ${{ secrets.STEVES_PUBLISH_TOKEN }} GH_TOKEN: ${{ steps.generate_token.outputs.token }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
HUPPY_TOKEN: ${{ secrets.HUPPY_TOKEN }} HUPPY_TOKEN: ${{ secrets.HUPPY_TOKEN }}