ci: use github app token (#1032)

zeshuaro · Jan 14, 2024 · ce28552 · ce28552
1 parent f40e02a
commit ce28552
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 7 deletions.
diff --git a/.github/workflows/github-actions.yml b/.github/workflows/github-actions.yml
@@ -38,7 +38,6 @@ jobs:
         uses: actions/cache@v3
         with:
           path: |
-            ${{ env.PUB_CACHE }}
             **/.dart_tool
           key: ${{ runner.os }}-pub-${{ hashFiles('**/pubspec.lock') }}
           restore-keys: |
@@ -160,7 +159,6 @@ jobs:
         uses: actions/cache@v3
         with:
           path: |
-            ${{ env.PUB_CACHE }}
             **/.dart_tool
           key: ${{ runner.os }}-pub-${{ hashFiles('**/pubspec.lock') }}
           restore-keys: |
@@ -204,6 +202,13 @@ jobs:
             build-output: bundle
 
     steps:
+      - name: Create GitHub App token 🔑
+        id: create-app-token
+        uses: tibdex/github-app-token@v2.1.0
+        with:
+          app_id: ${{ secrets.GH_APP_ID }}
+          private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+
       - name: Checkout 🛎️
         uses: actions/checkout@v4
         with:
@@ -226,7 +231,6 @@ jobs:
         uses: actions/cache@v3
         with:
           path: |
-            ${{ env.PUB_CACHE }}
             **/.dart_tool
           key: ${{ runner.os }}-pub-${{ hashFiles('**/pubspec.lock') }}
           restore-keys: |
@@ -255,7 +259,7 @@ jobs:
         shell: bash
         run: npx semantic-release --extends ./build.release.config.js
         env:
-          GITHUB_TOKEN: ${{ secrets.PAT }}
+          GITHUB_TOKEN: ${{ steps.create-app-token.outputs.token }}
           APP_TYPE: ${{ matrix.type }}
           BUILD_PATH: ${{ matrix.build-path }}
           BUILD_OUTPUT: ${{ matrix.build-output }}
@@ -276,6 +280,13 @@ jobs:
     needs: [build]
 
     steps:
+      - name: Create GitHub App token 🔑
+        id: create-app-token
+        uses: tibdex/github-app-token@v2.1.0
+        with:
+          app_id: ${{ secrets.GH_APP_ID }}
+          private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+
       - name: Checkout 🛎️
         uses: actions/checkout@v4
         with:
@@ -305,4 +316,4 @@ jobs:
       - name: Release 🚀
         run: npx semantic-release --extends ./publish.release.config.js
         env:
-          GITHUB_TOKEN: ${{ secrets.PAT }}
+          GITHUB_TOKEN: ${{ steps.create-app-token.outputs.token }}
diff --git a/.github/workflows/post-dependency-update.yml b/.github/workflows/post-dependency-update.yml
@@ -13,10 +13,17 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Create GitHub App token 🔑
+        id: create-app-token
+        uses: tibdex/github-app-token@v2.1.0
+        with:
+          app_id: ${{ secrets.GH_APP_ID }}
+          private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+
       - name: Checkout 🛎️
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
         with:
-          token: ${{ secrets.PAT }}
+          token: ${{ steps.create-app-token.outputs.token }}
 
       - name: Get project Flutter version 🏷️
         id: fvm-config
@@ -36,7 +43,6 @@ jobs:
         uses: actions/cache@v3
         with:
           path: |
-            ${{ env.PUB_CACHE }}
             **/.dart_tool
           key: ${{ runner.os }}-pub-${{ hashFiles('**/pubspec.lock') }}
           restore-keys: |