Skip to content

Commit

Permalink
chore: update release workflows to use a PAT
Browse files Browse the repository at this point in the history
  • Loading branch information
@philasmar @aws-sdk-dotnet-automation
philasmar authored and aws-sdk-dotnet-automation committed Apr 2, 2024
1 parent 5dd9b0f commit e0143f3
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 2 deletions.
19 changes: 18 additions & 1 deletion .github/workflows/create-release-pr.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,9 @@ on:
type: string
required: false

permissions:
id-token: write

jobs:
release-pr:
name: Release PR
Expand All @@ -20,11 +23,25 @@ jobs:
INPUT_OVERRIDE_VERSION: ${{ github.event.inputs.OVERRIDE_VERSION }}

steps:
# Assume an AWS Role that provides access to the Access Token
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 #v4
with:
role-to-assume: ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_ROLE_ARN }}
aws-region: us-west-2
# Retrieve the Access Token from Secrets Manager
- name: Retrieve secret from AWS Secrets Manager
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }}
parse-json-secrets: true
# Checkout a full clone of the repo
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: '0'
token: ${{ env.AWS_SECRET_TOKEN }}
# Install .NET8 which is needed for AutoVer
- name: Setup .NET 8.0
uses: actions/setup-dotnet@v4
Expand Down Expand Up @@ -77,7 +94,7 @@ jobs:
# Create the Release PR and label it
- name: Create Pull Request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ env.AWS_SECRET_TOKEN }}
run: |
pr_url="$(gh pr create --title "${{ steps.read-release-name.outputs.VERSION }}" --body "${{ steps.read-changelog.outputs.CHANGELOG }}" --base dev --head ${{ steps.create-release-branch.outputs.BRANCH }})"
gh label create "Release PR" --description "A Release PR that includes versioning and changelog changes" -c "#FF0000" -f
Expand Down
17 changes: 16 additions & 1 deletion .github/workflows/sync-main-dev.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ on:

permissions:
contents: write
id-token: write

jobs:
# This job will check if the PR was successfully merged, it's source branch is `releases/next-release` and target branch is `dev`.
Expand All @@ -23,12 +24,26 @@ jobs:
github.event.pull_request.base.ref == 'dev'
runs-on: ubuntu-latest
steps:
# Assume an AWS Role that provides access to the Access Token
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 #v4
with:
role-to-assume: ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_ROLE_ARN }}
aws-region: us-west-2
# Retrieve the Access Token from Secrets Manager
- name: Retrieve secret from AWS Secrets Manager
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }}
parse-json-secrets: true
# Checkout a full clone of the repo
- name: Checkout code
uses: actions/checkout@v4
with:
ref: dev
fetch-depth: 0
token: ${{ env.AWS_SECRET_TOKEN }}
# Install .NET8 which is needed for AutoVer
- name: Setup .NET 8.0
uses: actions/setup-dotnet@v4
Expand Down Expand Up @@ -70,7 +85,7 @@ jobs:
# Create the GitHub Release
- name: Create GitHub Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ env.AWS_SECRET_TOKEN }}
run: |
gh release create "${{ steps.read-tag-name.outputs.TAG }}" --title "${{ steps.read-release-name.outputs.VERSION }}" --notes "${{ steps.read-changelog.outputs.CHANGELOG }}"
# Delete the `releases/next-release` branch
Expand Down

0 comments on commit e0143f3

Please sign in to comment.