actions / create-github-app-token

GitHub Action for creating a GitHub App Installation Access Token
https://github.com/marketplace/actions/create-github-app-token
MIT License
365 stars 53 forks

docs(README): fix committer string example and add git config example #145

Closed anuraaga closed 3 months ago

anuraaga commented 3 months ago

I noticed the referenced ID in the committer string example doesn't seem to be correct.

Unrelated to this fix, I was wondering if there is interest in tweaking the example to be used with git config? I feel as if that is more generally useful than just echoing the string. For example

```yaml
- name: setup git
  run: |
    git config user.name "${{ steps.app-token.outputs.app-slug }}[bot]"
    git config user.email "${{ steps.app-token.outputs.installation-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com"
```

It is the same content as the current example but ready to go for a common use case IMO.

gr2m commented 3 months ago

> I was wondering if there is interest in tweaking the example to be used with git config? I feel as if that is more generally useful than just echoing the string. For example

I think we can list both examples. There are use cases that require the commit string, e.g. some actions. If you'd like to add another example on how to configure git using outputs of this action, that'd be great

maboloshi commented 3 months ago

Indeed, installation-id is not equal to user id. https://github.com/actions/create-github-app-token/pull/105#issuecomment-1955720302 The user id can be obtained by requesting https://api.github.com/users/$AppSlug[bot].

Here's how my bot signature is generated.

```bash
function set_dco_signature {
    if [[ $TOKEN == ghp_* ]]; then
        # https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
        # What starts with 'ghp_' is the GitHub personal access token

        response=$(curl -s -H "Authorization: token $TOKEN" "$GITHUB_URL/user")
    elif [[ $APP_SLUG ]]; then
        CommitBot=$APP_SLUG
    else
        CommitBot="github-actions"
    fi

    if [[ $CommitBot ]]; then
        # \[ and \] keep curl from treating [bot] as a URL glob range
        response=$(curl -s -H "Authorization: token $TOKEN" "$GITHUB_URL/users/$CommitBot\[bot\]")
    fi

    # Take the login and numeric user id from the API response
    CommitBot=$(echo "$response" | jq -r '.login')
    id=$(echo "$response" | jq -r '.id')
    echo "Signed-off-by: $CommitBot <$id+$CommitBot@users.noreply.github.com>"
}
```

By the way, I'd like to share my own submission script based on GitHub GraphQL API that supports adding and subtracting multiple files. https://github.com/maboloshi/github-chinese/blob/gh-pages/script/ci_commit_with_signature.sh

Usage example:

```yaml
      - name: Commit and push main.user.js
        if: ${{ env.LOCALS_JS_IS_CHANGED == 'true' &&
                env.MAIN_USER_JS_IS_CHANGED == 'true' }}
        env:
          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
          APP_SLUG: ${{ steps.generate_token.outputs.app-slug }}
          # REF_NAME is a name introduced here: the branch name is passed via env
          # so it is not spliced into the script text before the shell parses it
          REF_NAME: ${{ github.ref_name }}
        run: |
          bash script/ci_commit_with_signature.sh \
          -R "${{ github.repository }}" \
          -B "$REF_NAME" \
          -P "${{ github.sha }}" \
          -F "main.user.js" \
          -h "main.user.js Update to version $(TZ='Asia/Shanghai' date +'%Y-%m-%d')"
```

maboloshi commented 3 months ago

Based on the octokit/request-action mentioned by @gr2m, I rewrote the example (untested) https://github.com/actions/create-github-app-token/issues/148#issuecomment-2192576973

### Configure git CLI for an app's bot user

```yaml
on: [pull_request]

jobs:
  auto-format:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/create-github-app-token@v1
        id: app-token
        with:
          # required
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.PRIVATE_KEY }}
      - uses: octokit/request-action@v2
        id: get-bot-id
        with:
          route: GET /users/${{ steps.app-token.outputs.app-slug }}[bot]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - run: |
          git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
          git config --global user.email '${{ fromJson(steps.get-bot-id.outputs.data).id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'
      # git commands like commit work using the bot user
      - run: |
          git add .
          git commit -m "Auto-generated changes"
          git push
```

anuraaga commented 3 months ago

Yeah I considered using gh CLI to get the id which might be a bit simpler than that. I felt it's a bit weird since the id is guaranteed to be static so could easily be hard coded in the yaml. But happy to try it if it's better.

gr2m commented 3 months ago

> Yeah I considered using gh CLI to get the id which might be a bit simpler than that. I felt it's a bit weird since the id is guaranteed to be static so could easily be hard coded in the yaml. But happy to try it if it's better.

Using the gh CLI is a great idea, too. Once you have tested it, could you update your PR? Really appreciate y'all helping with this

vleon1a commented 3 months ago

I tried with the GH CLI, it works like a charm:

```yaml
- name: Generate GitHub App Token
  id: generate-token
  uses: actions/create-github-app-token@ad38cffc07bac6e3857755914c4c88bfd2db4da4 # v1.10.2
  with:
    app-id: ${{ secrets.SEMANTIC_RELEASE_APP_ID }}
    private-key: ${{ secrets.SEMANTIC_RELEASE_PRIVATE_KEY }}
- name: Retrieve GitHub App User ID
  id: get-user-id
  env:
    GH_TOKEN: ${{ steps.generate-token.outputs.token }}
  run: echo "user-id=$(gh api "/users/${{ steps.generate-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
- name: GitHub Release
  id: semantic-release
  env:
    GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
    GIT_AUTHOR_NAME: ${{ steps.generate-token.outputs.app-slug }}[bot]
    GIT_AUTHOR_EMAIL: ${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com
    GIT_COMMITTER_NAME: ${{ steps.generate-token.outputs.app-slug }}[bot]
    GIT_COMMITTER_EMAIL: ${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com
  run: npx semantic-release
```

anuraaga commented 3 months ago

Thanks all, I have gone ahead and updated the doc to use gh CLI to get the user ID

maboloshi commented 3 months ago

This part has not been corrected. 😊

```yaml
run: echo "string=${{steps.app-token.outputs.app-slug}}[bot] <${{ steps.app-token.outputs.installation-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>" >> "$GITHUB_OUTPUT"
```
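
Added example, not part of the thread or of the project's README: a POSIX shell check that a committer string carries the bot's user ID rather than some other number such as the installation ID, the mix-up raised in this thread. The function names are introduced here, and the slug alphabet `[a-z0-9-]` is an assumption.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; slug alphabet is assumed.

# bot_identity SLUG USER_ID
# Prints "SLUG[bot] <USER_ID+SLUG[bot]@users.noreply.github.com>".
# Rejects anything but [a-z0-9-] in the slug and digits in the id, so
# neither value can smuggle "<", ">" or whitespace into the identity.
bot_identity() {
    case $1 in ''|*[!a-z0-9-]*) return 1 ;; esac
    case $2 in ''|*[!0-9]*) return 1 ;; esac
    printf '%s[bot] <%s+%s[bot]@users.noreply.github.com>\n' "$1" "$2" "$1"
}

# check_identity IDENT SLUG USER_ID
# Prints one of: ok, wrong-id, malformed, bad-input. Always returns 0.
check_identity() {
    ci_want=$(bot_identity "$2" "$3") || { echo bad-input; return 0; }
    if [ "$1" = "$ci_want" ]; then echo ok; return 0; fi
    ci_head="${2}[bot] <"
    ci_tail="+${2}[bot]@users.noreply.github.com>"
    case $1 in
        "$ci_head"*"$ci_tail")
            # Right bot name and domain: only the numeric prefix differs.
            ci_id=${1#"$ci_head"}
            ci_id=${ci_id%"$ci_tail"}
            case $ci_id in
                ''|*[!0-9]*) echo malformed ;;
                *) echo wrong-id ;;   # e.g. the installation id was used
            esac ;;
        *) echo malformed ;;
    esac
}

# count_bad SLUG USER_ID
# Reads "Name <email>" lines on stdin (the shape produced by
# git log --format='%an <%ae>') and prints how many are not the
# expected bot identity.
count_bad() {
    cb_n=0
    while IFS= read -r cb_line; do
        [ "$(check_identity "$cb_line" "$1" "$2")" = ok ] || cb_n=$((cb_n + 1))
    done
    echo "$cb_n"
}
```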

anuraaga commented 3 months ago

Ah wasn't sure if it's ok to update the existing doc, went ahead and did it. Thanks

create-app-token-action-releaser[bot] commented 3 months ago

:tada: This PR is included in version 1.10.3 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: