
Commit f3a8f58

committed
fix: working auto-deploy with GH App token
1 parent f9068d4 commit f3a8f58


1 file changed

+14
-2
lines changed


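--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -296,6 +296,8 @@ jobs:
 fi
 
 deploy-staging:
+permissions:
+contents: write
 runs-on: ubuntu-latest
 needs:
 - build-publish-release
@@ -311,8 +313,12 @@ jobs:
 id: generate_actions_token
 uses: actions/create-github-app-token@v1
 with:
+owner: ${{ github.repository_owner }}
 app-id: ${{ secrets.HIROSYSTEMS_ACTIONS_BOT_ID }}
 private-key: ${{ secrets.HIROSYSTEMS_ACTIONS_BOT_PEM }}
+repositories: |
+actions
+k8s-platform
 
 - name: Get bot user ID
 id: bot-user-id
@@ -336,7 +342,7 @@ jobs:
 k8s_repo: k8s-platform
 k8s_branch: main
 file_pattern: manifests/api/stacks-devnet-api/${{ env.DEPLOY_ENV }}/base/kustomization.yaml
-gh_token: ${{ secrets.GH_TOKEN }}
+gh_token: ${{ steps.generate_actions_token.outputs.token }}
 
 auto-approve-staging:
 runs-on: ubuntu-latest
@@ -354,6 +360,8 @@ jobs:
 fi
 
 deploy-prod:
+permissions:
+contents: write
 runs-on: ubuntu-latest
 if: needs.build-publish-release.outputs.new_release_published == 'true' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
 needs:
@@ -369,8 +377,12 @@ jobs:
 id: generate_actions_token
 uses: actions/create-github-app-token@v1
 with:
+owner: ${{ github.repository_owner }}
 app-id: ${{ secrets.HIROSYSTEMS_ACTIONS_BOT_ID }}
 private-key: ${{ secrets.HIROSYSTEMS_ACTIONS_BOT_PEM }}
+repositories: |
+actions
+k8s-platform
 
 - name: Get bot user ID
 id: bot-user-id
@@ -394,4 +406,4 @@ jobs:
 k8s_repo: k8s-platform
 k8s_branch: main
 file_pattern: manifests/api/stacks-devnet-api/${{ env.DEPLOY_ENV }}/base/kustomization.yaml
-gh_token: ${{ secrets.GH_TOKEN }}
+gh_token: ${{ steps.generate_actions_token.outputs.token }}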
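Review bot: The job-level `permissions: contents: write` added to `deploy-staging` and `deploy-prod` widens the workflow's own `GITHUB_TOKEN`, yet the only write visible in these hunks goes to `k8s-platform` through the App token now passed as `gh_token`. The steps between the hunks are not shown, so if none of them pushes to this repository, `contents: read` would be enough in both jobs. The `repositories` list limits the App token to `actions` and `k8s-platform`, but the token still carries every permission the installation holds on both; if the `v1` release in use supports the `permission-*` inputs, adding `permission-contents: write` would narrow it to what the deploy step appears to need. Because this action receives the App private key and its output is now the deploy credential, pinning `actions/create-github-app-token` to a full commit SHA rather than the mutable `v1` tag would be worth doing in the same change.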
