Switched to GitHub App token for its own ship workflow (#2003)

CatChen · Jun 6, 2023 · cd52b1c · cd52b1c
1 parent e566d00
commit cd52b1c
Showing 1 changed file with 14 additions and 36 deletions.
diff --git a/.github/workflows/ship.yml b/.github/workflows/ship.yml
@@ -74,8 +74,15 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
+      - id: get-github-app-token
+        uses: getsentry/action-github-app-token@v2
+        with:
+          app_id: ${{ secrets.ACCEPT_TO_SHIP_BOT_APP_ID }}
+          private_key: ${{ secrets.ACCEPT_TO_SHIP_BOT_APP_PRIVATE_KEY }}
+
       - uses: CatChen/accept-to-ship-action@v0.4
         with:
+          github-token: ${{ steps.get-github-app-token.outputs.token }}
           merge-method: squash
           timeout: 0
 
@@ -98,46 +105,17 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
+      - id: get-github-app-token
+        uses: getsentry/action-github-app-token@v2
+        with:
+          app_id: ${{ secrets.ACCEPT_TO_SHIP_BOT_APP_ID }}
+          private_key: ${{ secrets.ACCEPT_TO_SHIP_BOT_APP_PRIVATE_KEY }}
+
       - id: ship
         uses: ./
         with:
+          github-token: ${{ steps.get-github-app-token.outputs.token }}
           merge-method: squash
           timeout: 0
           request-zero-accept-zero: true
           custom-hashtag: '#pass2ship'
-
-  build:
-    needs: [accept-to-ship, pass-to-ship]
-    if: ${{ !needs.accept-to-ship.outputs.skipped || !needs.pass-to-ship.outputs.skipped }}
-    permissions:
-      pull-requests: write
-      contents: write
-    uses: ./.github/workflows/build.yml
-    with:
-      ref: 'refs/heads/main'
-
-  test:
-    needs: [accept-to-ship, pass-to-ship]
-    if: ${{ !needs.accept-to-ship.outputs.skipped || !needs.pass-to-ship.outputs.skipped }}
-    permissions: write-all
-    uses: ./.github/workflows/test.yml
-    with:
-      ref: 'refs/heads/main'
-
-  eslint:
-    needs: [accept-to-ship, pass-to-ship]
-    if: ${{ !needs.accept-to-ship.outputs.skipped || !needs.pass-to-ship.outputs.skipped }}
-    uses: ./.github/workflows/eslint.yml
-    with:
-      ref: 'refs/heads/main'
-
-  codeql:
-    needs: [accept-to-ship, pass-to-ship]
-    if: ${{ !needs.accept-to-ship.outputs.skipped || !needs.pass-to-ship.outputs.skipped }}
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-    uses: ./.github/workflows/codeql.yml
-    with:
-      ref: 'refs/heads/main'