jazzymc/homarr
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

refactor(ci): migrate tibdex/github-app-token to actions/create-github-app-token (#4072)

Browse Source
This commit is contained in:
Meier Lukas
2025-09-13 17:15:33 +02:00
committed by GitHub
parent b398be0303
commit 86cf290c31
7 changed files with 53 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/automatic-approval.yml vendored
View File

@@ -3,6 +3,8 @@ on:
pull_request: pull_request:
types: [opened, synchronize] types: [opened, synchronize]
permissions: {}
jobs: jobs:
approve-automatic-prs: approve-automatic-prs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -12,10 +14,12 @@ jobs:
uses: actions/checkout@v5 uses: actions/checkout@v5
- name: Obtain token - name: Obtain token
id: obtainToken id: obtainToken
uses: tibdex/github-app-token@v2 uses: actions/create-github-app-token@v2
with: with:
private_key: ${{ secrets.RENOVATE_APPROVE_PRIVATE_KEY }} private-key: ${{ secrets.RENOVATE_APPROVE_PRIVATE_KEY }}
app_id: ${{ secrets.RENOVATE_APPROVE_APP_ID }} app-id: ${{ secrets.RENOVATE_APPROVE_APP_ID }}
permission-pull-requests: write # required to approve pull request
- name: Install GitHub CLI - name: Install GitHub CLI
run: sudo apt-get install -y gh run: sudo apt-get install -y gh
- name: Approve automatic PRs - name: Approve automatic PRs

11
.github/workflows/crowdin-schedule-download.yml vendored
View File

@@ -5,6 +5,9 @@ on:
schedule: schedule:
- cron: "0 0 * * *" # every day at midnight - cron: "0 0 * * *" # every day at midnight
permissions:
contents: read # required for code checkout
jobs: jobs:
download-crowdin-translations: download-crowdin-translations:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -15,10 +18,12 @@ jobs:
- name: Obtain token - name: Obtain token
id: obtainToken id: obtainToken
uses: tibdex/github-app-token@v2 uses: actions/create-github-app-token@v2
with: with:
private_key: ${{ secrets.CROWDIN_APP_PRIVATE_KEY }} private-key: ${{ secrets.CROWDIN_APP_PRIVATE_KEY }}
app_id: ${{ secrets.CROWDIN_APP_ID }} app-id: ${{ secrets.CROWDIN_APP_ID }}
permission-contents: write # required to commit to crowdin branch
permission-pull-requests: write # required to create pull request
- name: Download Crowdin translations - name: Download Crowdin translations
id: crowdin-download id: crowdin-download

8
.github/workflows/deployment-docker-image.yml vendored
View File

@@ -49,10 +49,12 @@ jobs:
- name: Obtain token - name: Obtain token
if: env.SKIP_RELEASE == 'false' if: env.SKIP_RELEASE == 'false'
id: obtainToken id: obtainToken
uses: tibdex/github-app-token@v2 uses: actions/create-github-app-token@v2
with: with:
private_key: ${{ secrets.RENOVATE_MERGE_PRIVATE_KEY }} private-key: ${{ secrets.RENOVATE_MERGE_PRIVATE_KEY }}
app_id: ${{ secrets.RENOVATE_MERGE_APP_ID }} app-id: ${{ secrets.RENOVATE_MERGE_APP_ID }}
permission-contents: write # required to commit package.json & changelog changes, merge them to dev and publish the release
- uses: actions/checkout@v5 - uses: actions/checkout@v5
if: env.SKIP_RELEASE == 'false' if: env.SKIP_RELEASE == 'false'
with: with:

15
.github/workflows/deployment-weekly-release.yml vendored
View File

@@ -49,10 +49,11 @@ jobs:
args: "Created a release PR ${{ steps.create-pull-request.outputs.url }} for version ${{ steps.semver.outputs.next }} (new behaviour: ${{ steps.semver.outputs.bump }})" args: "Created a release PR ${{ steps.create-pull-request.outputs.url }} for version ${{ steps.semver.outputs.next }} (new behaviour: ${{ steps.semver.outputs.bump }})"
- name: Obtain token - name: Obtain token
id: obtainApprovalToken id: obtainApprovalToken
uses: tibdex/github-app-token@v2 uses: actions/create-github-app-token@v2
with: with:
private_key: ${{ secrets.RENOVATE_APPROVE_PRIVATE_KEY }} private-key: ${{ secrets.RENOVATE_APPROVE_PRIVATE_KEY }}
app_id: ${{ secrets.RENOVATE_APPROVE_APP_ID }} app-id: ${{ secrets.RENOVATE_APPROVE_APP_ID }}
permission-pull-requests: write
- name: Approve PR - name: Approve PR
env: env:
GITHUB_TOKEN: ${{ steps.obtainApprovalToken.outputs.token }} GITHUB_TOKEN: ${{ steps.obtainApprovalToken.outputs.token }}
@@ -60,10 +61,12 @@ jobs:
gh pr review --approve --body "Automatically approved by GitHub Action" gh pr review --approve --body "Automatically approved by GitHub Action"
- name: Obtain token - name: Obtain token
id: obtainMergeToken id: obtainMergeToken
uses: tibdex/github-app-token@v2 uses: actions/create-github-app-token@v2
with: with:
private_key: ${{ secrets.RENOVATE_MERGE_PRIVATE_KEY }} private-key: ${{ secrets.RENOVATE_MERGE_PRIVATE_KEY }}
app_id: ${{ secrets.RENOVATE_MERGE_APP_ID }} app-id: ${{ secrets.RENOVATE_MERGE_APP_ID }}
permission-contents: write # write to main branch (due to merge)
permission-pull-requests: write # merge pull request
- id: automerge - id: automerge
if: ${{ steps.semver.outputs.bump != 'major' }} if: ${{ steps.semver.outputs.bump != 'major' }}
name: automerge name: automerge

20
.github/workflows/on-release.yml vendored
View File

@@ -11,12 +11,14 @@ jobs:
steps: steps:
- name: Obtain token - name: Obtain token
id: obtainToken id: obtainToken
uses: tibdex/github-app-token@v2 uses: actions/create-github-app-token@v2
with: with:
private_key: ${{ secrets.HOMARR_DOCS_RELEASE_APP_PRIVATE_KEY }} private-key: ${{ secrets.HOMARR_DOCS_RELEASE_APP_PRIVATE_KEY }}
app_id: ${{ vars.HOMARR_DOCS_RELEASE_APP_ID }} app-id: ${{ vars.HOMARR_DOCS_RELEASE_APP_ID }}
installation_retrieval_mode: repository owner: homarr-labs
installation_retrieval_payload: homarr-labs/documentation repositories: |
documentation
permission-contents: write # required to dispatch repository workflow
- name: Trigger documentation release - name: Trigger documentation release
env: env:
GITHUB_TOKEN: ${{ steps.obtainToken.outputs.token }} GITHUB_TOKEN: ${{ steps.obtainToken.outputs.token }}
@@ -40,10 +42,12 @@ jobs:
steps: steps:
- name: Obtain token - name: Obtain token
id: obtainToken id: obtainToken
uses: tibdex/github-app-token@v2 uses: actions/create-github-app-token@v2
with: with:
private_key: ${{ secrets.RENOVATE_MERGE_PRIVATE_KEY }} private-key: ${{ secrets.RENOVATE_MERGE_PRIVATE_KEY }}
app_id: ${{ secrets.RENOVATE_MERGE_APP_ID }} app-id: ${{ secrets.RENOVATE_MERGE_APP_ID }}
permission-contents: write # required to commit to branch
permission-pull-requests: write # required to create pr & enable automerge
- name: Checkout code - name: Checkout code
uses: actions/checkout@v5 uses: actions/checkout@v5
with: with:

11
.github/workflows/update-contributors.yml vendored
View File

@@ -9,9 +9,6 @@ env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
CROWDIN_TOKEN: "${{ secrets.CROWDIN_UPDATE_CONTRIBUTORS_TOKEN }}" CROWDIN_TOKEN: "${{ secrets.CROWDIN_UPDATE_CONTRIBUTORS_TOKEN }}"
permissions:
contents: write
jobs: jobs:
update-contributors: update-contributors:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -21,10 +18,12 @@ jobs:
steps: steps:
- name: Obtain token - name: Obtain token
id: obtainToken id: obtainToken
uses: tibdex/github-app-token@v2 uses: actions/create-github-app-token@v2
with: with:
private_key: ${{ secrets.HOMARR_UPDATE_CONTRIBUTORS_PRIVATE_KEY }} private-key: ${{ secrets.HOMARR_UPDATE_CONTRIBUTORS_PRIVATE_KEY }}
app_id: ${{ vars.HOMARR_UPDATE_CONTRIBUTORS_APP_ID }} app-id: ${{ vars.HOMARR_UPDATE_CONTRIBUTORS_APP_ID }}
permission-contents: write # required to commit to branch
permission-pull-requests: write # required to create pr & enable automerge
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v5 uses: actions/checkout@v5

12
.github/workflows/update-integration-list.yml vendored
View File

@@ -1,7 +1,7 @@
name: Update integration list name: Update integration list
on: on:
workflow_dispatch: { } workflow_dispatch: {}
push: push:
paths: paths:
- packages/definitions/src/integration.ts - packages/definitions/src/integration.ts
@@ -20,10 +20,12 @@ jobs:
steps: steps:
- name: Obtain token - name: Obtain token
id: obtainToken id: obtainToken
uses: tibdex/github-app-token@v2 uses: actions/create-github-app-token@v2
with: with:
private_key: ${{ secrets.HOMARR_UPDATE_CONTRIBUTORS_PRIVATE_KEY }} private-key: ${{ secrets.HOMARR_UPDATE_CONTRIBUTORS_PRIVATE_KEY }}
app_id: ${{ vars.HOMARR_UPDATE_CONTRIBUTORS_APP_ID }} app-id: ${{ vars.HOMARR_UPDATE_CONTRIBUTORS_APP_ID }}
permission-contents: write # required to commit to branch
permission-pull-requests: write # required to create pr & enable automerge
- name: Checkout code - name: Checkout code
uses: actions/checkout@v5 uses: actions/checkout@v5
env: env:
@@ -59,4 +61,4 @@ jobs:
env: env:
GITHUB_TOKEN: ${{ steps.obtainToken.outputs.token }} GITHUB_TOKEN: ${{ steps.obtainToken.outputs.token }}
run: | run: |
gh pr merge ${{steps.create-pull-request.outputs.pull-request-number}} --auto --squash gh pr merge ${{steps.create-pull-request.outputs.pull-request-number}} --auto --squash