diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 08bbc5f4..56b9b29f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,16 +23,28 @@ jobs: contents: read steps: + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 + id: app-token + with: + app-id: ${{ vars.CLI_APP_ID }} + private-key: ${{ secrets.CLI_APP_PRIVATE_KEY }} + permission-contents: write + owner: planetscale + repositories: | + cli + homebrew-tap + scoop-bucket + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - token: ${{ secrets.RELEASE_GITHUB_TOKEN }} + token: ${{ steps.app-token.outputs.token }} persist-credentials: true - name: Configure Git run: | - git config user.name "planetscale-actions-bot" - git config user.email "60239337+planetscale-actions-bot@users.noreply.github.com" + git config user.name "planetscale-cli[bot]" + git config user.email "272331943+planetscale-cli[bot]@users.noreply.github.com" - name: Checkout existing tag if: inputs.version != '' @@ -43,8 +55,6 @@ jobs: - name: Bump version and push tag if: inputs.version == '' id: bump - env: - GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }} run: script/bump-version.sh - name: Resolve version @@ -56,7 +66,7 @@ jobs: - name: Publish artifacts env: - GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG }} DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} diff --git a/script/bump-version.sh b/script/bump-version.sh index 0b150732..d226ede7 100755 --- a/script/bump-version.sh +++ b/script/bump-version.sh @@ -15,8 +15,6 @@ RELEASE_VERSION=$(/tmp/svu minor) echo "+++ :boom: Bumping to version $RELEASE_VERSION" -git config --global --add url."https://${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/" - echo "RELEASE_VERSION=$RELEASE_VERSION" >>"$GITHUB_OUTPUT" git tag "$RELEASE_VERSION"