Closed anuraaga closed 3 months ago
I was wondering if there is interest in tweaking the example to be used with
git config
? I feel as if that is more generally useful than just echoing the string. For example
I think we can list both examples. There are use cases that require the commit string, e.g. some actions. If you'd like to add another example on how to configure git using outputs of this action, that'd be great
Indeed, installation-id
is not equal to user id
. https://github.com/actions/create-github-app-token/pull/105#issuecomment-1955720302
The user id
can be obtained by requesting https://api.github.com/users/$AppSlug[bot]
.
Here's how my bot signature is generated.
function set_dco_signature {
if [[ $TOKEN == ghp_* ]]; then
# https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
# What starts with 'ghp_' is the GitHub personal access token
response=$(curl -s -H "Authorization: token $TOKEN" "$GITHUB_URL/user")
elif [[ $APP_SLUG ]]; then
CommitBot=$APP_SLUG
else
CommitBot="github-actions"
fi
if [[ $CommitBot ]]; then
response=$(curl -s -H "Authorization: token $TOKEN" "$GITHUB_URL/users/$CommitBot\[bot\]")
fi
CommitBot=$(echo "$response" | jq -r '.login')
id=$(echo "$response" | jq -r '.id')
echo "Signed-off-by: $CommitBot <$id+$CommitBot@users.noreply.github.com>"
}
By the way, I'd like to share my own submission script based on GitHub GraphQL API
that supports adding and subtracting multiple files.
https://github.com/maboloshi/github-chinese/blob/gh-pages/script/ci_commit_with_signature.sh
Usage example:
- name: Commit and push main.user.js
if: ${{ env.LOCALS_JS_IS_CHANGED == 'true' &&
env.MAIN_USER_JS_IS_CHANGED == 'true' }}
env:
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
APP_SLUG: ${{ steps.generate_token.outputs.app-slug }}
run: |
bash script/ci_commit_with_signature.sh \
-R "${{ github.repository }}" \
-B "${{ github.ref_name }}" \
-P "${{ github.sha }}" \
-F "main.user.js" \
-h "main.user.js Update to version $(TZ='Asia/Shanghai' date +'%Y-%m-%d')"
Based on the octokit/request-action
mentioned by @gr2m, I rewrote the example (untested) https://github.com/actions/create-github-app-token/issues/148#issuecomment-2192576973
### Configure git CLI for an app's bot user
```yaml
on: [pull_request]
jobs:
auto-format:
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
# required
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
- uses: octokit/request-action@v2
id: get-bot-id
with:
route: GET /users/${{ steps.app-token.outputs.app-slug }}[bot]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: |
git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
git config --global user.email '${{ fromJson(steps.get-bot-id.outputs.data).id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
# git commands like commit work using the bot user
- run: |
git add .
git commit -m "Auto-generated changes"
git push
Yeah I considered using gh
CLI to get the id which might be a bit simpler than that. I felt it's a bit weird since the id is guaranteed to be static so could easily be hard coded in the yaml. But happy to try it if it's better.
Yeah I considered using
gh
CLI to get the id which might be a bit simpler than that. I felt it's a bit weird since the id is guaranteed to be static so could easily be hard coded in the yaml. But happy to try it if it's better.
using the gh
CLI is a great idea, too. Once you have tested it, could you update your PR? Really appreciate y'all helping with this
I tried with the GH CLI, it works like a charm:
- name: Generate GitHub App Token
id: generate-token
uses: actions/create-github-app-token@ad38cffc07bac6e3857755914c4c88bfd2db4da4 # v1.10.2
with:
app-id: ${{ secrets.SEMANTIC_RELEASE_APP_ID }}
private-key: ${{ secrets.SEMANTIC_RELEASE_PRIVATE_KEY }}
- name: Retrieve GitHub App User ID
id: get-user-id
env:
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
run: echo "user-id=$(gh api "/users/${{ steps.generate-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
- name: GitHub Release
id: semantic-release
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
GIT_AUTHOR_NAME: ${{ steps.generate-token.outputs.app-slug }}[bot]
GIT_AUTHOR_EMAIL: ${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com
GIT_COMMITTER_NAME: ${{ steps.generate-token.outputs.app-slug }}[bot]
GIT_COMMITTER_EMAIL: ${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com
run: npx semantic-release
Thanks all, I have gone ahead and updated the doc to use gh
CLI to get the user ID
This part has not been corrected.😊
run: echo "string=${{steps.app-token.outputs.app-slug}}[bot] <${{ steps.app-token.outputs.installation-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>" >> "$GITHUB_OUTPUT"
Ah wasn't sure if it's ok to update the existing doc, went ahead and did it. Thanks
:tada: This PR is included in version 1.10.3 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
I noticed the referenced ID in the committer string example doesn't seem to be correct.
Unrelated to this fix, I was wondering if there is interest in tweaking the example to be used with
git config
? I feel as if that is more generally useful than just echoing the string. For exampleIt is the same content as the current example but ready to go for a common use case IMO.