Fix step name in committer string example and add git config example

[anuraaga]

I noticed the referenced ID in the committer string example doesn't seem to be correct.

Unrelated to this fix, I was wondering if there is interest in tweaking the example to be used with git config? I feel as if that is more generally useful than just echoing the string. For example

- name: setup git
  run: |
    git config user.name ${{steps.app-token.outputs.app-slug}}[bot]
    git config user.email ${{ steps.app-token.outputs.installation-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>

It is the same content as the current example but ready to go for a common use case IMO.

[gr2m]

thank you! Document fix PRs are the best PRs 💐

[gr2m]

I was wondering if there is interest in tweaking the example to be used with git config? I feel as if that is more generally useful than just echoing the string. For example

I think we can list both examples. There are use cases that require the commit string, e.g. some actions. If you'd like to add another example on how to configure git using outputs of this action, that'd be great

[anuraaga]

Thanks @gr2m - when using this example in practice, I noticed that it doesn't seem correct to use the installation ID in the committer email but it should be the user ID of the bot. If I followed the above committer string example using outputs.installation-id, then I get a commit in the UI that displays two different users, one linked the other unlinked

wasilibs/go-protoc-gen-builtins@9c7fdf7

I looked at git log for that commit and noticed that it was merged using the bot's user ID, so I changed to use it for the email, and then it shows as expected, a single linked committer

wasilibs/go-protoc-gen-builtins@95931e4

For reference, this is the workflow: https://github.com/wasilibs/actions/blob/main/.github/workflows/update.yaml#L42

So I suspect this form is correct. I'm not sure exactly how the committer string example is meant to be used, but I guess it's a similar flow so should I update it to user bot user ID like here? Should the action add to outputs, bot-user-id so users don't have to look it up? BTW I use the term "bot user ID" instead of "app user ID" since it corresponds to the [bot] user, not the user without that suffix (the user ID of dependabot is different, and not what it uses when it sends a PR to a repo)

Thanks.

[maboloshi]

Indeed, installation-id is not equal to user id. #105 (comment)
The user id can be obtained by requesting https://api.github.com/users/$AppSlug[bot].

Here's how my bot signature is generated.

function set_dco_signature {
    if [[ $TOKEN == ghp_* ]]; then
        # https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
        # What starts with 'ghp_' is the GitHub personal access token

        response=$(curl -s -H "Authorization: token $TOKEN" "$GITHUB_URL/user")
    elif [[ $APP_SLUG ]]; then
        CommitBot=$APP_SLUG
    else
        CommitBot="github-actions"
    fi

    if [[ $CommitBot ]]; then
        response=$(curl -s -H "Authorization: token $TOKEN" "$GITHUB_URL/users/$CommitBot\[bot\]")
    fi

    CommitBot=$(echo "$response" | jq -r '.login')
    id=$(echo "$response" | jq -r '.id')
    echo "Signed-off-by: $CommitBot <$id+$CommitBot@users.noreply.github.com>"
}

By the way, I'd like to share my own submission script based on GitHub GraphQL API that supports adding and subtracting multiple files.
https://github.com/maboloshi/github-chinese/blob/gh-pages/script/ci_commit_with_signature.sh

Usage example:

      - name: Commit and push main.user.js
        if: ${{ env.LOCALS_JS_IS_CHANGED == 'true' &&
                env.MAIN_USER_JS_IS_CHANGED == 'true' }}
        env:
          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
          APP_SLUG: ${{ steps.generate_token.outputs.app-slug }}
        run: |
          bash script/ci_commit_with_signature.sh \
          -R "${{ github.repository }}" \
          -B "${{ github.ref_name }}" \
          -P "${{ github.sha }}" \
          -F "main.user.js" \
          -h "main.user.js Update to version $(TZ='Asia/Shanghai' date +'%Y-%m-%d')"

[maboloshi]

Based on the octokit/request-action mentioned by @gr2m, I rewrote the example (untested) #148 (comment)

### Configure git CLI for an app's bot user

```yaml
on: [pull_request]

jobs:
  auto-format:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/create-github-app-token@v1
        id: app-token
        with:
          # required
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.PRIVATE_KEY }}
      - uses: octokit/request-action@v2
        id: get-bot-id
        with:
          route: GET /users/${{ steps.app-token.outputs.app-slug }}[bot]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - run: |
          git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
          git config --global user.email '${{ fromJson(steps.get-bot-id.outputs.data).id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
      # git commands like commit work using the bot user
      - run: |
          git add .
          git commit -m "Auto-generated changes"
          git push

[anuraaga]

Yeah I considered using gh CLI to get the id which might be a bit simpler than that. I felt it's a bit weird since the id is guaranteed to be static so could easily be hard coded in the yaml. But happy to try it if it's better.

[gr2m]

Yeah I considered using gh CLI to get the id which might be a bit simpler than that. I felt it's a bit weird since the id is guaranteed to be static so could easily be hard coded in the yaml. But happy to try it if it's better.

using the gh CLI is a great idea, too. Once you have tested it, could you update your PR? Really appreciate y'all helping with this

[vleon1a]

I tried with the GH CLI, it works like a charm:

- name: Generate GitHub App Token
  id: generate-token
  uses: actions/create-github-app-token@ad38cffc07bac6e3857755914c4c88bfd2db4da4 # v1.10.2
  with:
    app-id: ${{ secrets.SEMANTIC_RELEASE_APP_ID }}
    private-key: ${{ secrets.SEMANTIC_RELEASE_PRIVATE_KEY }}
- name: Retrieve GitHub App User ID
  id: get-user-id
  env:
    GH_TOKEN: ${{ steps.generate-token.outputs.token }}
  run: echo "user-id=$(gh api "/users/${{ steps.generate-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
- name: GitHub Release
  id: semantic-release
  env:
    GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
    GIT_AUTHOR_NAME: ${{ steps.generate-token.outputs.app-slug }}[bot]
    GIT_AUTHOR_EMAIL: ${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com
    GIT_COMMITTER_NAME: ${{ steps.generate-token.outputs.app-slug }}[bot]
    GIT_COMMITTER_EMAIL: ${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com
  run: npx semantic-release

[anuraaga]

Thanks all, I have gone ahead and updated the doc to use gh CLI to get the user ID

[maboloshi]

This part has not been corrected.😊
run: echo "string=${{steps.app-token.outputs.app-slug}}[bot] <${{ steps.app-token.outputs.installation-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>" >> "$GITHUB_OUTPUT"

[anuraaga]

Ah wasn't sure if it's ok to update the existing doc, went ahead and did it. Thanks