From 977e2e360ade40104ddf9c1fe5eb4e4c15f482cb Mon Sep 17 00:00:00 2001 From: Kelly Sovacool Date: Tue, 10 Mar 2026 10:13:07 -0400 Subject: [PATCH 1/2] ci: use gh app to generate token rather than classic token --- .github/workflows/sync-forks.yml | 43 +++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sync-forks.yml b/.github/workflows/sync-forks.yml index a675b47..70f865b 100644 --- a/.github/workflows/sync-forks.yml +++ b/.github/workflows/sync-forks.yml @@ -12,9 +12,6 @@ permissions: contents: write env: - # Token must be created by someone with write access for all forks. - # Be sure to 'configure SSO' from the token creation page for each fork organization. - GH_TOKEN: ${{ secrets.SYNC_FORK_TOKEN }} UPSTREAM_OWNER: CCBR jobs: @@ -51,7 +48,17 @@ jobs: - MAPLE - LOGAN steps: + - name: Generate a token + id: generate-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.CCBR_BOT_APP_ID }} + private-key: ${{ secrets.CCBR_BOT_PRIVATE_KEY }} + owner: ${{ matrix.FORK_OWNER }} + - name: sync forked repos + env: + GH_TOKEN: ${{ steps.generate-token.outputs.token }} run: | gh repo sync ${{ matrix.FORK_OWNER }}/${{ matrix.REPO }} --source $UPSTREAM_OWNER/${{ matrix.REPO }} --force @@ -63,7 +70,17 @@ jobs: FORK_OWNER: [NCIPangea] REPO: [ASPEN, CARLISLE, CHAMPAGNE, CRISPIN, RENEE, XAVIER] steps: + - name: Generate a token + id: generate-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.CCBR_BOT_APP_ID }} + private-key: ${{ secrets.CCBR_BOT_PRIVATE_KEY }} + owner: ${{ matrix.FORK_OWNER }} + - name: sync forked repos + env: + GH_TOKEN: ${{ steps.generate-token.outputs.token }} run: | gh repo sync ${{ matrix.FORK_OWNER }}/${{ matrix.REPO }} --source $UPSTREAM_OWNER/${{ matrix.REPO }} --force @@ -83,7 +100,17 @@ jobs: - DSP_Analysis steps: + - name: Generate a token + id: generate-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.CCBR_BOT_APP_ID }} + private-key: ${{ secrets.CCBR_BOT_PRIVATE_KEY }} + owner: ${{ matrix.FORK_OWNER }} + - name: sync forked repos + env: + GH_TOKEN: ${{ steps.generate-token.outputs.token }} run: | gh repo sync ${{ matrix.FORK_OWNER }}/${{ matrix.REPO }} --source $UPSTREAM_OWNER/${{ matrix.REPO }} --force @@ -103,6 +130,16 @@ jobs: UPSTREAM_OWNER: NCI-CCDI FORK_OWNER: abcsFrederick steps: + - name: Generate a token + id: generate-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.CCBR_BOT_APP_ID }} + private-key: ${{ secrets.CCBR_BOT_PRIVATE_KEY }} + owner: ${{ matrix.FORK_OWNER }} + - name: sync forked repos + env: + GH_TOKEN: ${{ steps.generate-token.outputs.token }} run: | gh repo sync ${{ matrix.FORK_OWNER }}/${{ matrix.REPO }} --source ${{matrix.UPSTREAM_OWNER}}/${{ matrix.REPO }} --force From 988c9be3d0eda0c3180dcc7cc06735c2a2ff93c9 Mon Sep 17 00:00:00 2001 From: Kelly Sovacool Date: Tue, 10 Mar 2026 12:49:00 -0400 Subject: [PATCH 2/2] ci: remove permfix (internal) --- .github/workflows/sync-forks.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/sync-forks.yml b/.github/workflows/sync-forks.yml index 70f865b..9546a05 100644 --- a/.github/workflows/sync-forks.yml +++ b/.github/workflows/sync-forks.yml @@ -39,7 +39,6 @@ jobs: - l2p - METRO - MAAPSTER - - permfix - pyrkit - rNA - SINCLAIR