From 15a85686c25d7588d4e7564a3a7d67b71440f91d Mon Sep 17 00:00:00 2001 From: Dimitris Sotirakis Date: Wed, 21 Jun 2023 12:06:56 +0300 Subject: [PATCH] GitHub Apps: Replace `grafanabot` token with `grafana-delivery-bot` GitHub App (#70242) * Update bump-version.yml * Fix secret * [REVERTME] Remove check * Test without grafana-delivery-bot prefix * Check if token exists * Cleanup bump-version * Update gh actions to use app key --- .github/workflows/backport.yml | 8 +++++- .github/workflows/bump-version.yml | 20 +++++++-------- .github/workflows/close-milestone.yml | 8 +++++- .github/workflows/github-release.yml | 12 ++++++--- .github/workflows/milestone.yml | 34 +++++++++++++++++--------- .github/workflows/remove-milestone.yml | 8 +++++- .github/workflows/update-changelog.yml | 8 +++++- 7 files changed, 69 insertions(+), 29 deletions(-) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 97042213f2c..551ff491fc9 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -17,10 +17,16 @@ jobs: ref: main - name: Install Actions run: npm install --production --prefix ./actions + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} - name: Run backport uses: ./actions/backport with: metricsWriteAPIKey: ${{secrets.GRAFANA_MISC_STATS_API_KEY}} - token: ${{secrets.GH_BOT_ACCESS_TOKEN}} + token: ${{ steps.generate_token.outputs.token }} labelsToAdd: "backport" title: "[{{base}}] {{originalTitle}}" diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index a61b7bb00c6..92979c76523 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml 
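Review bot: The `Generate token` step added before `Run backport` requests an installation token without narrowing it, so the token passed to `./actions/backport` would by default carry every permission granted to the app installation, not just what backporting needs. If the pinned revision of `tibdex/github-app-token` supports the `permissions` input, pass only the scopes this job uses, e.g. `permissions: '{"contents": "write", "pull_requests": "write"}'` (constructed example; confirm the real set against what the action calls). The same unscoped step is added in bump-version.yml, close-milestone.yml, github-release.yml, remove-milestone.yml and update-changelog.yml. A trailing comment on the `uses:` line naming the release behind the pinned SHA, such as `# <release tag>`, would make future bumps easier to audit.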
@@ -6,12 +6,12 @@ on: description: 'Needs to match, exactly, the name of a milestone. The version to be released please respect: major.minor.patch, major.minor.patch-preview or major.minor.patch-preview format. example: 7.4.3, 7.4.3-preview or 7.4.3-preview1' required: true env: - YARN_ENABLE_IMMUTABLE_INSTALLS: false + YARN_ENABLE_IMMUTABLE_INSTALLS: false jobs: main: runs-on: ubuntu-latest steps: - # This is a basic workflow to help you get started with Actions + # This is a basic workflow to help you get started with Actions - uses: actions-ecosystem/action-regex-match@v2.0.2 if: ${{ github.event.inputs.version != '' }} id: regex-match @@ -49,14 +49,6 @@ jobs: echo "branch_name=v${{steps.regex-match.outputs.group1}}" >> $GITHUB_OUTPUT echo "branch_exist=$(git ls-remote --heads https://github.com/grafana/grafana.git v${{ steps.regex-match.outputs.group1 }}.x | wc -l)" >> $GITHUB_OUTPUT - - name: Check input version is aligned with branch(main) - if: ${{ github.event.inputs.version != '' && steps.intermedia.outputs.branch_exist == '0' && !contains(github.event.inputs.version, 'pre') && !contains(steps.intermedia.outputs.short_ref, 'main') }} - run: | - echo "When you want to deliver a new new minor version, you might want to create a new branch first \ - with naming convention v[major].[minor].x, and just run the workflow on that branch. \ - Run the workflow on main only when needed" - exit 1 - - name: Checkout Actions uses: actions/checkout@v3 with: 
@@ -68,8 +60,14 @@ jobs: node-version: '16' - name: Install Actions run: npm install --production --prefix ./actions + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} - name: Run bump version (manually invoked) uses: ./actions/bump-version with: - token: ${{ secrets.GH_BOT_ACCESS_TOKEN }} + token: ${{ steps.generate_token.outputs.token }} metricsWriteAPIKey: ${{ secrets.GRAFANA_MISC_STATS_API_KEY }} diff --git a/.github/workflows/close-milestone.yml b/.github/workflows/close-milestone.yml index e798f0cd4bf..7a9d50124cf 100644 --- a/.github/workflows/close-milestone.yml +++ b/.github/workflows/close-milestone.yml @@ -26,11 +26,17 @@ jobs: ref: main - name: Install Actions run: npm install --production --prefix ./actions + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} - name: Close milestone (manually invoked) if: ${{ github.event.inputs.version != '' }} uses: ./actions/close-milestone with: - token: ${{ secrets.GH_BOT_ACCESS_TOKEN }} + token: ${{ steps.generate_token.outputs.token }} - name: Close milestone (workflow invoked) if: ${{ inputs.version_call != '' }} uses: ./actions/close-milestone diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml index f0223cfdcca..0d90168d81b 100644 --- a/.github/workflows/github-release.yml +++ b/.github/workflows/github-release.yml @@ -3,7 +3,7 @@ on: workflow_dispatch: inputs: version: - required: true + required: true description: Needs to match, exactly, the name of a milestone (NO v prefix) jobs: main: 
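Review bot: In close-milestone.yml the new `Generate token` step has no `if:`, so it also runs on the `Close milestone (workflow invoked)` path, where a reusable workflow sees only the secrets its caller passes. The workflow's `on:` block is outside the hunk, but if `workflow_call` declares only `token`, then `secrets.GRAFANA_DELIVERY_BOT_APP_ID` and `secrets.GRAFANA_DELIVERY_BOT_APP_PEM` are empty there and the step fails before either milestone step runs. Either guard the step with the condition the manual step already uses, `if: ${{ github.event.inputs.version != '' }}`, or declare the two app secrets under `workflow_call.secrets` and have callers pass them. The same applies to the matching hunk in remove-milestone.yml.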
@@ -14,11 +14,17 @@ jobs: with: repository: "grafana/grafana-github-actions" path: ./actions - ref: main + ref: main - name: Install Actions run: npm install --production --prefix ./actions + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} - name: Run github release action uses: ./actions/github-release with: - token: ${{secrets.GH_BOT_ACCESS_TOKEN}} + token: ${{ steps.generate_token.outputs.token }} metricsWriteAPIKey: ${{secrets.GRAFANA_MISC_STATS_API_KEY}} diff --git a/.github/workflows/milestone.yml b/.github/workflows/milestone.yml index 29c27f361ae..ab3e60a098c 100644 --- a/.github/workflows/milestone.yml +++ b/.github/workflows/milestone.yml 
@@ -7,15 +7,27 @@ on: required: true jobs: call-remove-milestone: - uses: grafana/grafana/.github/workflows/remove-milestone.yml@main - with: - version_call: ${{ github.event.inputs.version_input }} - secrets: - token: ${{ secrets.GH_BOT_ACCESS_TOKEN }} + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} + - uses: grafana/grafana/.github/workflows/remove-milestone.yml@main + with: + version_call: ${{ github.event.inputs.version_input }} + secrets: + token: ${{ steps.generate_token.outputs.token }} call-close-milestone: - uses: grafana/grafana/.github/workflows/close-milestone.yml@main - with: - version_call: ${{ github.event.inputs.version_input }} - secrets: - token: ${{ secrets.GH_BOT_ACCESS_TOKEN }} - needs: call-remove-milestone + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} + - uses: grafana/grafana/.github/workflows/close-milestone.yml@main + with: + version_call: ${{ github.event.inputs.version_input }} + secrets: + token: ${{ steps.generate_token.outputs.token }} + needs: call-remove-milestone diff --git a/.github/workflows/remove-milestone.yml b/.github/workflows/remove-milestone.yml index 78305864e09..ac896eeb792 100644 --- a/.github/workflows/remove-milestone.yml +++ b/.github/workflows/remove-milestone.yml 
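Review bot: Both jobs in milestone.yml now hold a list of step items directly under the job key, and the reusable workflow is referenced from a list item (`- uses: grafana/grafana/.github/workflows/remove-milestone.yml@main`). A reusable workflow can only be called with `uses:` at job level, and a job that runs steps needs `runs-on:` and `steps:`, neither of which is added here. In addition, `steps.generate_token.outputs.token` cannot be evaluated in a job-level `secrets:` block, because the `steps` context is not available there. As far as the flattened indentation shows, `needs: call-remove-milestone` has also moved into the step item, which would drop the ordering between the two jobs. Keeping the original job-level `uses:` / `with:` / `needs:` form and forwarding the app credentials with `secrets: inherit` (or as two explicitly named secrets) lets the called workflow mint its own token.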
@@ -26,11 +26,17 @@ jobs: ref: main - name: Install Actions run: npm install --production --prefix ./actions + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} - name: Remove milestone from open issues (manually invoked) if: ${{ github.event.inputs.version != '' }} uses: ./actions/remove-milestone with: - token: ${{ secrets.GH_BOT_ACCESS_TOKEN }} + token: ${{ steps.generate_token.outputs.token }} - name: Remove milestone from open issues (workflow invoked) if: ${{ inputs.version_call != '' }} uses: ./actions/remove-milestone diff --git a/.github/workflows/update-changelog.yml b/.github/workflows/update-changelog.yml index b03e0aa4ef6..3ddba2b91a7 100644 --- a/.github/workflows/update-changelog.yml +++ b/.github/workflows/update-changelog.yml @@ -15,10 +15,16 @@ jobs: main: runs-on: ubuntu-latest steps: + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} - name: Run update changelog (manually invoked) uses: grafana/grafana-github-actions-go/update-changelog@main with: - token: ${{ secrets.GH_BOT_ACCESS_TOKEN }} + token: ${{ steps.generate_token.outputs.token }} version: ${{ inputs.version }} metrics_api_key: ${{ secrets.GRAFANA_MISC_STATS_API_KEY }} community_api_key: ${{ secrets.GRAFANABOT_FORUM_KEY }}
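Review bot: In update-changelog.yml the freshly minted app token goes to `grafana/grafana-github-actions-go/update-changelog@main`, a mutable branch reference, while the step that creates the token is pinned to a full commit SHA. Whatever lands on that branch runs with the token and with the two API keys passed alongside it, so the pin on the generator protects less than it appears to. Consider pinning the consumer the same way, `uses: grafana/grafana-github-actions-go/update-changelog@<commit-sha>  # main as of <date>`, and bumping it deliberately. The `ref: main` checkouts of `grafana/grafana-github-actions` feeding `./actions/*` in the other workflows are in the same position.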