Skip to content

Commit 00e871f

Browse files
Andaristbluwy
andauthored
Use internal bot for versioning (#16)
Co-authored-by: bluwy <bjornlu.dev@gmail.com>
1 parent 38a710b commit 00e871f

2 files changed

Lines changed: 18 additions & 3 deletions

File tree

.github/workflows/ci.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,9 @@ on:
77
merge_group:
88
branches:
99
- main
10+
- next
11+
# merge group rulesets don't allow wildcards so in settings each maintenance branch needs to be added separately
12+
- "maintenance/v*" # branch rulesets don't support v[0-9]+
1013

1114
permissions:
1215
contents: read

.github/workflows/publish.yml

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,24 +4,26 @@ on:
44
push:
55
branches:
66
- main
7+
- next
8+
- "maintenance/v*" # branch rulesets don't support v[0-9]+
79

810
concurrency:
911
group: ${{ github.workflow }}-${{ github.ref }}
1012
cancel-in-progress: false
1113
queue: max
1214

13-
permissions: {}
15+
permissions: {} # each job should define its own permission explicitly
1416

1517
jobs:
1618
version:
1719
name: Version
1820
runs-on: ubuntu-latest
21+
environment: version
1922
timeout-minutes: 10
2023
outputs:
2124
hasChangesets: ${{ steps.changesets.outputs.hasChangesets }}
2225
permissions:
23-
contents: write # to create version commits (changesets/action)
24-
pull-requests: write # to create pull request (changesets/action)
26+
contents: read # to check out repo (actions/checkout)
2527
steps:
2628
- name: Check out repo
2729
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
@@ -32,9 +34,19 @@ jobs:
3234
with:
3335
skip-cache: true # avoid cache poisoning attacks
3436

37+
- uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
38+
id: app-token
39+
with:
40+
client-id: ${{ vars.APP_CLIENT_ID }}
41+
private-key: ${{ secrets.APP_PRIVATE_KEY }}
42+
permission-contents: write # to create version commits (changesets/action)
43+
permission-pull-requests: write # to create pull request (changesets/action)
44+
3545
- name: Create or update release pull request
3646
id: changesets
3747
uses: changesets/action@63a615b9cd06ba9a3e6d13796c7fbcb080a60a0b # v1.8.0
48+
with:
49+
github-token: ${{ steps.app-token.outputs.token }}
3850

3951
publish:
4052
name: Publish

0 commit comments

Comments
 (0)