Skip to content

Commit ad3d7f0

Browse files
stevesCopilot
steves
and
Copilot
authored
Migrate 28 remaining workflows from PAT to GitHub App token (#61706)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 76a0870 commit ad3d7f0

26 files changed

Lines changed: 346 additions & 77 deletions

.github/workflows/benchmark-pages.yml

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,14 @@ jobs:
2424
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
2525
with:
2626
persist-credentials: 'false'
27+
- name: Generate GitHub App token
28+
id: app-token
29+
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
30+
with:
31+
app-id: ${{ secrets.DOCS_BOT_APP_ID }}
32+
private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
33+
owner: github
34+
repositories: docs-engineering
2735

2836
- uses: ./.github/actions/node-npm-setup
2937

@@ -50,7 +58,7 @@ jobs:
5058
- name: Check results and create issue if needed
5159
if: always()
5260
env:
53-
GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }}
61+
GH_TOKEN: ${{ steps.app-token.outputs.token }}
5462
RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
5563
run: |
5664
echo "Reading benchmark results..."
@@ -166,4 +174,4 @@ jobs:
166174
- uses: ./.github/actions/create-workflow-failure-issue
167175
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
168176
with:
169-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
177+
token: ${{ steps.app-token.outputs.token }}

.github/workflows/codeql.yml

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,15 @@ jobs:
3030
runs-on: ubuntu-latest
3131
steps:
3232
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
33+
- name: Generate GitHub App token
34+
id: app-token
35+
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
36+
with:
37+
app-id: ${{ secrets.DOCS_BOT_APP_ID }}
38+
private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
39+
owner: github
40+
repositories: docs-engineering
41+
3342
- uses: github/codeql-action/init@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
3443
with:
3544
languages: javascript # comma separated list of values from {go, python, javascript, java, cpp, csharp, ruby}
@@ -44,4 +53,4 @@ jobs:
4453
- uses: ./.github/actions/create-workflow-failure-issue
4554
if: ${{ failure() && github.event_name != 'pull_request' }}
4655
with:
47-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
56+
token: ${{ steps.app-token.outputs.token }}

.github/workflows/copilot-setup-steps.yml

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -30,19 +30,27 @@ jobs:
3030
steps:
3131
- name: Checkout code
3232
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
33+
- name: Generate GitHub App token
34+
id: app-token
35+
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
36+
with:
37+
app-id: ${{ secrets.DOCS_BOT_APP_ID }}
38+
private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
39+
owner: github
40+
repositories: docs-early-access
3341

3442
- uses: ./.github/actions/node-npm-setup
3543

3644
# Search and language test suites require a running Elasticsearch instance.
3745
- uses: ./.github/actions/setup-elasticsearch
3846
with:
39-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
47+
token: ${{ steps.app-token.outputs.token }}
4048

4149
# docs-internal has early-access content that must be fetched separately.
4250
- uses: ./.github/actions/get-docs-early-access
4351
if: ${{ github.repository == 'github/docs-internal' }}
4452
with:
45-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
53+
token: ${{ steps.app-token.outputs.token }}
4654

4755
# Many test suites depend on Next.js build artifacts.
4856
- name: Build

.github/workflows/delete-orphan-translation-files.yml

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -61,12 +61,20 @@ jobs:
6161

6262
steps:
6363
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
64+
- name: Generate GitHub App token
65+
id: app-token
66+
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
67+
with:
68+
app-id: ${{ secrets.DOCS_BOT_APP_ID }}
69+
private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
70+
owner: github
71+
repositories: docs-internal.es-es,docs-internal.ja-jp,docs-internal.pt-br,docs-internal.zh-cn,docs-internal.ru-ru,docs-internal.fr-fr,docs-internal.ko-kr,docs-internal.de-de,docs-engineering
6472

6573
- name: Checkout the language-specific repo
6674
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
6775
with:
6876
repository: ${{ matrix.language_repo }}
69-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
77+
token: ${{ steps.app-token.outputs.token }}
7078
path: ${{ matrix.language_dir }}
7179

7280
- uses: ./.github/actions/node-npm-setup
@@ -89,7 +97,7 @@ jobs:
8997
working-directory: ${{ matrix.language_dir }}
9098
env:
9199
# Needed for gh
92-
GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }}
100+
GH_TOKEN: ${{ steps.app-token.outputs.token }}
93101
run: |
94102
# If nothing to commit, exit now. It's fine. No orphans.
95103
changes=$(git diff --name-only | wc -l)
@@ -164,4 +172,4 @@ jobs:
164172
- uses: ./.github/actions/create-workflow-failure-issue
165173
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
166174
with:
167-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
175+
token: ${{ steps.app-token.outputs.token }}

.github/workflows/enterprise-dates.yml

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -25,13 +25,21 @@ jobs:
2525
steps:
2626
- name: Checkout repository code
2727
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
28+
- name: Generate GitHub App token
29+
id: app-token
30+
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
31+
with:
32+
app-id: ${{ secrets.DOCS_BOT_APP_ID }}
33+
private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
34+
owner: github
35+
repositories: docs-internal,docs-engineering
2836

2937
- uses: ./.github/actions/node-npm-setup
3038

3139
- name: Run src/ghes-releases/scripts/update-enterprise-dates.ts
3240
run: npm run update-enterprise-dates
3341
env:
34-
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }}
42+
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
3543

3644
- name: Create pull request
3745
id: create-pull-request
@@ -41,7 +49,7 @@ jobs:
4149
HUSKY: '0'
4250
with:
4351
# need to use a token with repo and workflow scopes for this step
44-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
52+
token: ${{ steps.app-token.outputs.token }}
4553
commit-message: '🤖 ran src/ghes-releases/scripts/update-enterprise-dates.ts'
4654
title: 🤖 src/ghes-releases/lib/enterprise-dates.json update
4755
body:
@@ -54,7 +62,7 @@ jobs:
5462
- name: Enable GitHub auto-merge
5563
if: ${{ steps.create-pull-request.outputs.pull-request-number }}
5664
env:
57-
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }}
65+
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
5866
AUTOMERGE_PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
5967
run: npm run enable-automerge
6068

@@ -77,4 +85,4 @@ jobs:
7785
- uses: ./.github/actions/create-workflow-failure-issue
7886
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
7987
with:
80-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
88+
token: ${{ steps.app-token.outputs.token }}

.github/workflows/enterprise-release-issue.yml

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -20,18 +20,26 @@ jobs:
2020
steps:
2121
- name: Checkout repository code
2222
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
23+
- name: Generate GitHub App token
24+
id: app-token
25+
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
26+
with:
27+
app-id: ${{ secrets.DOCS_BOT_APP_ID }}
28+
private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
29+
owner: github
30+
repositories: docs-content,docs-engineering
2331

2432
- uses: ./.github/actions/node-npm-setup
2533

2634
- name: Create an enterprise release issue
2735
run: npm run create-enterprise-issue -- release
2836
env:
29-
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }}
37+
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
3038

3139
- name: Create an enterprise deprecation issue
3240
run: npm run create-enterprise-issue -- deprecation
3341
env:
34-
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }}
42+
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
3543

3644
- uses: ./.github/actions/slack-alert
3745
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
@@ -41,4 +49,4 @@ jobs:
4149
- uses: ./.github/actions/create-workflow-failure-issue
4250
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
4351
with:
44-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
52+
token: ${{ steps.app-token.outputs.token }}

.github/workflows/index-general-search.yml

Lines changed: 31 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,15 @@ jobs:
4949
outputs:
5050
matrix: ${{ steps.set-matrix.outputs.result }}
5151
steps:
52+
- name: Generate GitHub App token
53+
id: app-token
54+
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
55+
with:
56+
app-id: ${{ secrets.DOCS_BOT_APP_ID }}
57+
private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
58+
owner: github
59+
repositories: docs-engineering
60+
5261
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
5362
id: set-matrix
5463
with:
@@ -102,7 +111,7 @@ jobs:
102111
- uses: ./.github/actions/create-workflow-failure-issue
103112
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
104113
with:
105-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
114+
token: ${{ steps.app-token.outputs.token }}
106115

107116
updateElasticsearchIndexes:
108117
needs: figureOutMatrix
@@ -126,20 +135,28 @@ jobs:
126135
steps:
127136
- name: Check out repo
128137
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
138+
- name: Generate GitHub App token
139+
id: app-token
140+
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
141+
with:
142+
app-id: ${{ secrets.DOCS_BOT_APP_ID }}
143+
private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
144+
owner: github
145+
repositories: docs-internal-data,docs-internal.es-es,docs-internal.ja-jp,docs-internal.pt-br,docs-internal.zh-cn,docs-internal.ru-ru,docs-internal.fr-fr,docs-internal.ko-kr,docs-internal.de-de,docs-engineering
129146

130147
- name: Clone docs-internal-data
131148
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
132149
with:
133150
repository: github/docs-internal-data
134151
# This works because user `docs-bot` has read access to that private repo.
135-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
152+
token: ${{ steps.app-token.outputs.token }}
136153
path: docs-internal-data
137154

138155
- name: Clone all translations
139156
if: ${{ matrix.language != 'en' }}
140157
uses: ./.github/actions/clone-translations
141158
with:
142-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
159+
token: ${{ steps.app-token.outputs.token }}
143160

144161
- uses: ./.github/actions/node-npm-setup
145162

@@ -249,7 +266,7 @@ jobs:
249266
- uses: ./.github/actions/create-workflow-failure-issue
250267
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
251268
with:
252-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
269+
token: ${{ steps.app-token.outputs.token }}
253270

254271
notifyScrapingFailures:
255272
name: Notify scraping failures
@@ -259,6 +276,14 @@ jobs:
259276
steps:
260277
- name: Check out repo
261278
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
279+
- name: Generate GitHub App token
280+
id: app-token
281+
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
282+
with:
283+
app-id: ${{ secrets.DOCS_BOT_APP_ID }}
284+
private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
285+
owner: github
286+
repositories: docs-engineering
262287

263288
- name: Download all failure artifacts
264289
uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
@@ -294,7 +319,7 @@ jobs:
294319
- name: Comment on or create scraping failure issue
295320
if: ${{ steps.check-artifacts.outputs.has_artifacts == 'true' && fromJSON(steps.aggregate.outputs.result || '{"hasFailures":false}').hasFailures }}
296321
env:
297-
GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }}
322+
GH_TOKEN: ${{ steps.app-token.outputs.token }}
298323
FAILURE_MESSAGE: ${{ fromJSON(steps.aggregate.outputs.result || '{"message":""}').message }}
299324
RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
300325
FILE_URL: ${{ github.server_url }}/${{ github.repository }}/blob/main/.github/workflows/index-general-search.yml
@@ -393,4 +418,4 @@ jobs:
393418
- uses: ./.github/actions/create-workflow-failure-issue
394419
if: ${{ failure() }}
395420
with:
396-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
421+
token: ${{ steps.app-token.outputs.token }}

.github/workflows/keep-caches-warm.yml

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,14 @@ jobs:
3030
steps:
3131
- name: Check out repo
3232
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
33+
- name: Generate GitHub App token
34+
id: app-token
35+
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
36+
with:
37+
app-id: ${{ secrets.DOCS_BOT_APP_ID }}
38+
private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
39+
owner: github
40+
repositories: docs-engineering
3341

3442
- uses: ./.github/actions/node-npm-setup
3543

@@ -52,4 +60,4 @@ jobs:
5260
- uses: ./.github/actions/create-workflow-failure-issue
5361
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
5462
with:
55-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
63+
token: ${{ steps.app-token.outputs.token }}

.github/workflows/link-check-external.yml

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,14 @@ jobs:
2121
steps:
2222
- name: Checkout
2323
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
24+
- name: Generate GitHub App token
25+
id: app-token
26+
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
27+
with:
28+
app-id: ${{ secrets.DOCS_BOT_APP_ID }}
29+
private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
30+
owner: github
31+
repositories: docs-content,docs-engineering
2432

2533
- uses: ./.github/actions/node-npm-setup
2634

@@ -71,7 +79,7 @@ jobs:
7179
if: always() && steps.check_report.outputs.has_report == 'true'
7280
uses: peter-evans/create-issue-from-file@65115121ba9a3573cbaded4dc66b90ba1f9b69dc
7381
with:
74-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
82+
token: ${{ steps.app-token.outputs.token }}
7583
repository: github/docs-content
7684
title: '🌐 Broken External Links Report'
7785
content-filepath: artifacts/external-link-report.md
@@ -85,4 +93,4 @@ jobs:
8593
- uses: ./.github/actions/create-workflow-failure-issue
8694
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
8795
with:
88-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
96+
token: ${{ steps.app-token.outputs.token }}

.github/workflows/link-check-github-github.yml

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -17,8 +17,6 @@ jobs:
1717
if: github.repository == 'github/docs-internal'
1818
runs-on: ubuntu-latest
1919
env:
20-
# need to use a token from a user with access to github/github for this step
21-
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }}
2220
REPORT_AUTHOR: docs-bot
2321
REPORT_LABEL: github github broken link report,workflow-generated
2422
REPORT_REPOSITORY: github/docs-content
@@ -28,12 +26,20 @@ jobs:
2826
with:
2927
# To prevent issues with cloning early access content later
3028
persist-credentials: 'false'
29+
- name: Generate GitHub App token
30+
id: app-token
31+
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
32+
with:
33+
app-id: ${{ secrets.DOCS_BOT_APP_ID }}
34+
private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
35+
owner: github
36+
repositories: docs-content,docs-early-access,github,docs-engineering
3137

3238
- uses: ./.github/actions/node-npm-setup
3339

3440
- uses: ./.github/actions/get-docs-early-access
3541
with:
36-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
42+
token: ${{ steps.app-token.outputs.token }}
3743

3844
- name: Build server
3945
run: npm run build
@@ -65,7 +71,7 @@ jobs:
6571
id: github-github-broken-link-report
6672
uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710
6773
with:
68-
token: ${{ env.GITHUB_TOKEN }}
74+
token: ${{ steps.app-token.outputs.token }}
6975
title: ${{ steps.check.outputs.title }}
7076
content-filepath: ./broken_github_github_links.md
7177
repository: ${{ env.REPORT_REPOSITORY }}
@@ -79,4 +85,4 @@ jobs:
7985
- uses: ./.github/actions/create-workflow-failure-issue
8086
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
8187
with:
82-
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
88+
token: ${{ steps.app-token.outputs.token }}

0 commit comments

Comments
 (0)