Chore: Use github app for dependabot go workspace workflow (#98464)

2025-02-25 18:55:37 -06:00 · 2025-01-03 13:52:52 -05:00 · 2025-01-03 13:52:52 -05:00 · 228ac25ff4
commit 228ac25ff4
parent 46d2fac82c
1 changed files with 24 additions and 4 deletions
--- a/.github/workflows/pr-dependabot-update-go-workspace.yml
+++ b/.github/workflows/pr-dependabot-update-go-workspace.yml
@ -19,17 +19,40 @@ jobs:
    if: ${{ github.actor == 'dependabot[bot]' }}
    continue-on-error: true
    steps:
+    - name: Retrieve GitHub App secrets
+      id: get-secrets
+      uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets-v1.0.1
+      with:
+        repo_secrets: |
+          APP_ID=grafana-go-workspace-bot:app-id
+          APP_INSTALLATION_ID=grafana-go-workspace-bot:app-installation-id
+          PRIVATE_KEY=grafana-go-workspace-bot:private-key
+
+    - name: Generate GitHub App token
+      id: generate_token
+      uses: actions/create-github-app-token@v1
+      with:
+        app-id: ${{ env.APP_ID }}
+        private-key: ${{ env.PRIVATE_KEY }}
+
    - name: Checkout repository
      uses: actions/checkout@v4
      with:
        repository: ${{ github.event.pull_request.head.repo.full_name }}
        ref: ${{ github.event.pull_request.head.ref }}
+        token: ${{ steps.generate_token.outputs.token }}

    - name: Set go version
      uses: actions/setup-go@v4
      with:
        go-version-file: go.mod

+    - name: Configure Git
+      run: |
+          git config --local user.email "${APP_INSTALLATION_ID}+grafana-go-workspace-bot[bot]@users.noreply.github.com"
+          git config --local user.name "grafana-go-workspace-bot[bot]"
+          git config --local --add --bool push.autoSetupRemote true
+
    - name: Update workspace
      run: make update-workspace

@ -38,10 +61,7 @@ jobs:
        BRANCH_NAME: ${{ github.head_ref || github.ref_name }} 
      run: |
        if ! git diff --exit-code --quiet; then
-          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git config --local user.name "github-actions[bot]"
-          git config --local --add --bool push.autoSetupRemote true
          echo "Committing and pushing workspace changes"
          git commit -a -m "update workspace"
          git push origin $BRANCH_NAME
-        fi
+        fi