Description
The release_golang job currently uses a personal access token (TERRAFORM_CDK_GO_REPO_GITHUB_TOKEN) to push commits and tags to open-constructs/cdk-terrain-go. This PAT belongs to a user account and can expire, as happened recently (#54).
The cdktn-io org already has a GitHub App (team-cdk-terrain, ID 254218809) that is used for automated commits across all cdktn-io repos. Migrating to this app would:
- Eliminate PAT expiration issues
- Provide consistent bot identity (
team-cdk-terrain[bot])
- Align with the pattern used in
cdktn-io/cdktn-repository-manager
Prerequisites
Implementation
Replace the PAT-based auth in the release_golang job with:
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ secrets.GH_APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
owner: open-constructs
- name: Release
run: npx -p publib publib-golang
env:
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
GIT_USER_NAME: "team-cdk-terrain[bot]"
GIT_USER_EMAIL: "254218809+team-cdk-terrain[bot]@users.noreply.github.com"References
Description
The
release_golangjob currently uses a personal access token (TERRAFORM_CDK_GO_REPO_GITHUB_TOKEN) to push commits and tags toopen-constructs/cdk-terrain-go. This PAT belongs to a user account and can expire, as happened recently (#54).The
cdktn-ioorg already has a GitHub App (team-cdk-terrain, ID254218809) that is used for automated commits across allcdktn-iorepos. Migrating to this app would:team-cdk-terrain[bot])cdktn-io/cdktn-repository-managerPrerequisites
team-cdk-terrainGitHub App on theopen-constructsorg (requires org admin)open-constructs/cdk-terrain-goGH_APP_IDandGH_APP_PRIVATE_KEYsecrets toopen-constructs/cdk-terrainImplementation
Replace the PAT-based auth in the
release_golangjob with:References