Merge #1580: ci: add token for cron-update-rust.yml

b140b32 ci: gpg commit signing for cron-update-rust.yml (Steve Myers) 054d148 ci: add token for cron-update-rust.yml (Steve Myers) Pull request description: ### Description Add organization app token and GPG signing key for cron-update-rust.yml. ### Notes to the reviewers I went with the organization github app token option mentioned here: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs I added gpg commit signing with below instructions. The instructions say to use PAT for signing but the plugin doesn't mention it's needed so I want to try it with only the github app token. https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#gpg-commit-signature-verification ACKs for top commit: oleonardolima: ACK b140b32 ValuedMammal: ACK b140b32 Tree-SHA512: 0730264ccd39645bbfe496abb43e5ac4c16de1ca9032ede4310ec190c4441152fa8adef09cf73c28c9b547d0de41e34431df88deba7d706389df564907081583
bitcoindevkit · Aug 30, 2024 · 56970a9 · 56970a9
2 parents a8d52e6 + b140b32
commit 56970a9
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/.github/workflows/cron-update-rust.yml b/.github/workflows/cron-update-rust.yml
@@ -10,6 +10,16 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@stable
+      - uses: tibdex/github-app-token@v1
+        id: generate-token
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+      - uses: crazy-max/ghaction-import-gpg@v5
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
       - name: Update rust-version to use latest stable
         run: |
           set -x
@@ -30,9 +40,9 @@ jobs:
         if: env.changes_made == 'true'
         uses: peter-evans/create-pull-request@v6
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          author: Update Rustc Bot <bot@example.com>
-          committer: Update Rustc Bot <bot@example.com>
+          token: ${{ steps.generate-token.outputs.token }}
+          author: Github Action <github@bitcoindevkit.org>
+          committer: Github Action <github@bitcoindevkit.org>
           branch: create-pull-request/update-rust-version
           title: |
             ci: automated update to rustc ${{ env.rust_version }}