arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-05-23 17:28:46 +00:00
Code Issues Releases Wiki Activity

ci: replace user tokens with github app integration

Browse Source
This commit is contained in:
vdovhanych 2025-04-28 14:56:11 +02:00 committed by Vitalij Dovhanyc
parent 10f9254f7a
commit f1f5990068
2 changed files with 24 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/bot-common-sync.yml vendored
View File

@ -12,14 +12,19 @@ jobs:
sync-common: sync-common:
runs-on: ubuntu-latest runs-on: ubuntu-latest
env: env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN_COMMON_FINE }} BOT_USERNAME: "trezor-bot[bot]"
BOT_USERNAME: ${{ secrets.TREZOR_BOT_USERNAME }} BOT_EMAIL: "208941332+trezor-bot[bot]@users.noreply.github.com"
BOT_EMAIL: ${{ secrets.TREZOR_BOT_EMAIL }}
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Generate GitHub App token
id: trezor-bot-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.TREZOR_BOT_APP_ID }}
private-key: ${{ secrets.TREZOR_BOT_PRIVATE_KEY }}
- name: Copy git-filter and script to temporary directory - name: Copy git-filter and script to temporary directory
run: | run: |
@ -37,6 +42,8 @@ jobs:
echo '${{runner.temp}}' >> $GITHUB_PATH echo '${{runner.temp}}' >> $GITHUB_PATH
- name: Sync trezor-common repository - name: Sync trezor-common repository
env:
GITHUB_TOKEN: ${{ steps.trezor-bot-token.outputs.token }}
run: | run: |
echo "Synchronizing common with the trezor-common repository" echo "Synchronizing common with the trezor-common repository"
git config --unset-all http.https://github.com/.extraheader git config --unset-all http.https://github.com/.extraheader

16
.github/workflows/bot-project-automation.yml vendored
View File

@ -12,19 +12,31 @@ jobs:
project-add-pull-request: project-add-pull-request:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Generate GitHub App token
id: trezor-bot-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.TREZOR_BOT_APP_ID }}
private-key: ${{ secrets.TREZOR_BOT_PRIVATE_KEY }}
- name: Add new pull request to the Firmware project - name: Add new pull request to the Firmware project
uses: actions/add-to-project@main uses: actions/add-to-project@main
if: github.event_name == 'pull_request' && github.event.action == 'opened' if: github.event_name == 'pull_request' && github.event.action == 'opened'
with: with:
project-url: https://github.com/orgs/trezor/projects/60 project-url: https://github.com/orgs/trezor/projects/60
github-token: ${{ secrets.GH_BOT_TOKEN }} github-token: ${{ steps.trezor-bot-token.outputs.token }}
project-add-issue: project-add-issue:
name: Add new issue to the Firmware project name: Add new issue to the Firmware project
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Generate GitHub App token
id: trezor-bot-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.TREZOR_BOT_APP_ID }}
private-key: ${{ secrets.TREZOR_BOT_PRIVATE_KEY }}
- uses: actions/add-to-project@main - uses: actions/add-to-project@main
if: github.event_name == 'issues' && github.event.action == 'opened' if: github.event_name == 'issues' && github.event.action == 'opened'
with: with:
project-url: https://github.com/orgs/trezor/projects/60 project-url: https://github.com/orgs/trezor/projects/60
github-token: ${{ secrets.GH_BOT_TOKEN }} github-token: ${{ steps.trezor-bot-token.outputs.token }}