From f1885345e7ae1773756b12e2d6a9e31e19da1667 Mon Sep 17 00:00:00 2001 From: xuan-cao-swi Date: Fri, 6 Oct 2023 16:29:05 -0400 Subject: [PATCH 1/2] NH-62724: update secrets for github_action --- .github/workflows/build_and_release_gem.yml | 10 ++++++++-- .github/workflows/verify_install.yml | 16 ++++++++++++++-- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build_and_release_gem.yml b/.github/workflows/build_and_release_gem.yml index 3f77e3a7..417a5fd9 100644 --- a/.github/workflows/build_and_release_gem.yml +++ b/.github/workflows/build_and_release_gem.yml @@ -6,7 +6,6 @@ name: Ruby Gem to RubyGems # - TRACE_BUILD_RUBY_ACTIONS_API_TOKEN (from the trace-build user in github) # - RUBYGEMS_TOKEN (from the solarwinds-apm user on rubygems.org) # - APM_RUBY_INSTALL_TESTING_SWO_KEY -# - CI_GITHUB_TOKEN # # The correct oboe version has to be in the file ext/oboe_metal/src/VERSION @@ -72,10 +71,17 @@ jobs: echo "local and rubygems checksum not matching, gem needs to be yanked from rubygems.org" exit 1 + - name: Obtain github token + uses: getsentry/action-github-app-token@v2 + id: github-token + with: + app_id: ${{ vars.APPLICATION_ID }} + private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }} + - name: Create release draft that includes the checksum uses: actions/github-script@v3 with: - github-token: ${{secrets.CI_GITHUB_TOKEN}} + github-token: ${{ steps.github-token.outputs.token }} script: | github.repos.createRelease({ owner: "solarwindscloud", diff --git a/.github/workflows/verify_install.yml b/.github/workflows/verify_install.yml index bde5dbcc..07dd3367 100644 --- a/.github/workflows/verify_install.yml +++ b/.github/workflows/verify_install.yml 
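Review bot: The added `Obtain github token` step passes `secrets.APPLICATION_PRIVATE_KEY` to `getsentry/action-github-app-token@v2`, a third-party action referenced by a movable tag, so whatever code that tag resolves to at run time receives the App's private key. Pin it to a full commit SHA taken from the release you reviewed, e.g. `uses: getsentry/action-github-app-token@<FULL_COMMIT_SHA>  # v2` (placeholder, not a real SHA). The same unpinned step is added twice in verify_install.yml (the `@@ -31,6 +31,12` and `@@ -121,6 +127,12` hunks), and PATCH 2/2 removes it from this file only. The minted token carries whatever permissions the App installation has, which is not visible here, so it is worth confirming the App is limited to what runner registration and release creation need.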
@@ -31,6 +31,12 @@ jobs: matrix: ${{ steps.launch.outputs.matrix }} # this will be a json object mapping identifiers to labels and instance ids runs-on: ubuntu-latest steps: + - uses: getsentry/action-github-app-token@v2 + id: github-token + with: + app_id: ${{ vars.APPLICATION_ID }} + private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }} + - uses: aws-actions/configure-aws-credentials@v2 with: aws-access-key-id: ${{ secrets.CI_ACCESS_KEY_ID }} @@ -49,7 +55,7 @@ jobs: amazonlinux:2 amazonlinux:2023 ubuntu:22.04 - github-token: ${{ secrets.CI_GITHUB_TOKEN }} + github-token: ${{ steps.github-token.outputs.token }} runner-user: github runner-directory: /gh instance-type: t4g.medium @@ -121,6 +127,12 @@ jobs: - verify_installation runs-on: ubuntu-latest steps: + - uses: getsentry/action-github-app-token@v2 + id: github-token + with: + app_id: ${{ vars.APPLICATION_ID }} + private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }} + - uses: aws-actions/configure-aws-credentials@v2 with: aws-access-key-id: ${{ secrets.CI_ACCESS_KEY_ID }} @@ -129,5 +141,5 @@ jobs: - uses: solarwindscloud/ec2-runner-action@main with: action: terminate - github-token: ${{ secrets.CI_GITHUB_TOKEN }} + github-token: ${{ steps.github-token.outputs.token }} matrix: ${{ needs.start_arm64_runner.outputs.matrix }} # passing a matrix will terminate all runners, not just one From 5d21665417fb2a796ba3d1ca7ca85f8d38d1e62e Mon Sep 17 00:00:00 2001 From: xuan-cao-swi Date: Thu, 12 Oct 2023 10:14:44 -0400 Subject: [PATCH 2/2] NH-62724: use default github_token for creating release --- .github/workflows/build_and_release_gem.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/build_and_release_gem.yml b/.github/workflows/build_and_release_gem.yml index 417a5fd9..ea61fc6b 100644 --- a/.github/workflows/build_and_release_gem.yml +++ b/.github/workflows/build_and_release_gem.yml 
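Review bot: In the `@@ -49,7 +55,7` and `@@ -129,5 +141,5` hunks the minted App token is passed as `github-token` to `solarwindscloud/ec2-runner-action@main`, which tracks a branch, so any commit landing on that branch runs with this token and with the AWS credentials configured in the step before it. Pinning it, e.g. `uses: solarwindscloud/ec2-runner-action@<FULL_COMMIT_SHA>` (placeholder), would make the code that handles both credentials reviewable and fixed. App installation tokens are short-lived (about an hour), so if the launch action uses the token beyond the initial runner registration, which cannot be seen from here, long runs may fail; minting a fresh token in the terminate job, as this patch does, is the right shape. The new token steps also lack a `name:`, unlike the equivalent step in build_and_release_gem.yml.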
@@ -71,17 +71,10 @@ jobs: echo "local and rubygems checksum not matching, gem needs to be yanked from rubygems.org" exit 1 - - name: Obtain github token - uses: getsentry/action-github-app-token@v2 - id: github-token - with: - app_id: ${{ vars.APPLICATION_ID }} - private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }} - - name: Create release draft that includes the checksum uses: actions/github-script@v3 with: - github-token: ${{ steps.github-token.outputs.token }} + github-token: ${{secrets.GITHUB_TOKEN}} script: | github.repos.createRelease({ owner: "solarwindscloud",
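Review bot: The `Create release draft that includes the checksum` step now relies on `secrets.GITHUB_TOKEN`, but nothing in this hunk grants that token write access. `createRelease` needs `contents: write`, so the call will be rejected if the repository or organisation default for the workflow token is read-only. Declare it on the job with `permissions:` / `contents: write`, which also stops the token from inheriting broader defaults than this job needs. The job header is outside this hunk, so an existing `permissions:` block may already cover it. Releases created with `GITHUB_TOKEN` do not trigger other workflows, which matters only if something listens for `release` events.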