fix(ci): allows semantic-release to push changes

During the release generation in the ci job, semantic-release needs to push the new content of the package.json, package-lock.json, and CHANGELOG.md files, since the next and current branches are protected, it needs to use a Github App to proceed with the push
circular-o · May 26, 2023 · acccb19 · acccb19
1 parent 0fb1c71
commit acccb19
Showing 1 changed file with 12 additions and 6 deletions.
diff --git a/.github/workflows/nodejs.release.yml b/.github/workflows/nodejs.release.yml
@@ -9,15 +9,21 @@ on:
 
 jobs:
   build-and-publish:
-    permissions:
-      contents: write
-      issues: write
-      pull-requests: write
-
     runs-on: ubuntu-latest
+    concurrency: release
 
     steps:
+      - name: Generate GitHub token
+        id: generate_token
+        uses: tibdex/github-app-token@v1
+        with:
+          app_id: ${{ secrets.SEMANTIC_RELEASE_APP_ID }}
+          private_key: ${{ secrets.SEMANTIC_RELEASE_PRIVATE_KEY }}
+
       - uses: actions/checkout@v3
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
+
       - name: Set up Node.js
         uses: actions/setup-node@v3
         with:
@@ -34,4 +40,4 @@ jobs:
         run: npm run semantic-release
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}