From 9decdc7fb91e15eb0d97c765c55676500aea91f4 Mon Sep 17 00:00:00 2001 From: Alejandro Alvarez Date: Tue, 28 Nov 2023 14:53:01 +0100 Subject: [PATCH] Dat 16350 (#133) * chore(extension-release-prepare.yml): update email address for git user to use a noreply email address for better identification chore(extension-release-published.yml): update version of extension-release-prepare.yml used in maven-release job to DAT-16350 branch * chore(extension-release-prepare.yml): update extension-release-rollback.yml version to DAT-16350 to fix rollback job failure * fix(extension-release-prepare.yml): add token parameter to checkout action to allow access to private repositories fix(extension-release-prepare.yml): add pushChanges=false parameter to release:prepare command to prevent accidental pushing of changes fix(extension-release-prepare.yml): add push changes step to push changes made during release preparation * fix(extension-release-prepare.yml): disable persisting credentials to prevent token leakage * chore(extension-release-prepare.yml): set fetch-depth to 0 in the GitHub Actions workflow to fetch the complete commit history for the main branch * chore(extension-release-prepare.yml): update ad-m/github-push-action to v0.8.0 to ensure compatibility with the latest version chore(extension-release-prepare.yml): set branch to main in the github-push-action step to push changes to the main branch * fix(extension-release-prepare.yml): change the branch name from 'main' to '${{ github.head_ref }}' to dynamically use the current branch name fix(extension-release-prepare.yml): add the 'repository' parameter to the 'checkout' action to ensure the correct repository is used feat(extension-release-prepare.yml): add the 'force' and 'tags' parameters to the 'push' action to force push and push tags * chore(extension-release-prepare.yml): remove unused GITHUB_TOKEN environment variable fix(extension-release-prepare.yml): update GITHUB_TOKEN reference to use secrets.BOT_TOKEN for security reasons * chore(extension-release-prepare.yml): update git user email and name configuration to use local scope for better isolation * chore(extension-release-prepare.yml): remove unnecessary force flag from the push step to prevent accidental force push * chore(extension-release-prepare.yml): remove unnecessary git configuration for user name and email chore(extension-release-prepare.yml): remove unused push changes step * fix(extension-release-prepare.yml): change checkout ref from github.head_ref to "main" to ensure consistent behavior * chore(extension-release-prepare.yml): remove unnecessary options from the checkout action The `persist-credentials` and `fetch-depth` options were removed from the checkout action as they were not needed. * chore(extension-release-prepare.yml): add GITHUB_TOKEN environment variable to the prepare-release job to enable authentication for GitHub API requests * chore(extension-release-prepare.yml): update liquibase/build-logic version to v0.5.7 in release-rollback job chore(extension-release-published.yml): update liquibase/build-logic version to v0.5.7 in maven-release job * fix(extension-release-rollback.yml): update git user email to use GitHub noreply email address for better identification fix(extension-release-rollback.yml): update GitHub token reference to use secrets.BOT_TOKEN for security reasons --- .github/workflows/extension-release-rollback.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/extension-release-rollback.yml b/.github/workflows/extension-release-rollback.yml index e98d1378..a9a00c81 100644 --- a/.github/workflows/extension-release-rollback.yml +++ b/.github/workflows/extension-release-rollback.yml @@ -25,11 +25,12 @@ jobs: uses: actions/checkout@v4 with: ref: main + token: ${{ secrets.BOT_TOKEN }} - name: Configure Git run: | - git config user.name "liquibot" - git config user.email "liquibot@liquibase.org" + git config --local user.email "64099989+liquibot@users.noreply.github.com" + git config --local user.name "liquibot" - name: Set up JDK uses: actions/setup-java@v3 @@ -95,6 +96,6 @@ jobs: - name: Perform Maven Release Rollback run: | mvn -B versions:revert release:rollback \ - -Darguments="-Dusername=liquibot -Dpassword=$GITHUB_TOKEN -Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \ + -Darguments="-Dusername=liquibot -Dpassword=${{ secrets.BOT_TOKEN }} -Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \ -DconnectionUrl=scm:git:https://github.com/${{ github.repository }}.git \ -DcheckModificationExcludeList=pom.xml \ No newline at end of file