From 0fff631ad96fc2859f64754969f81a5f1c8c6003 Mon Sep 17 00:00:00 2001 From: He Qian Wang Date: Thu, 27 Mar 2025 14:12:32 -0400 Subject: [PATCH 1/3] [IDP-3130] Add scheduled stable release workflow --- .github/workflows/create-stable-release.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/workflows/create-stable-release.yml diff --git a/.github/workflows/create-stable-release.yml b/.github/workflows/create-stable-release.yml new file mode 100644 index 0000000..fa800a4 --- /dev/null +++ b/.github/workflows/create-stable-release.yml @@ -0,0 +1,14 @@ +name: Create stable release + +on: + schedule: + - cron: "0 3 * * 0" # At 03:00 on Sunday + workflow_dispatch: + +jobs: + create-release: + permissions: + contents: write + uses: workleap/wl-reusable-workflows/.github/workflows/create-stable-release.yml@main + secrets: + token: ${{ secrets.RENOVATE_TOKEN }} From 06e0168f9b73a139e55cd5690fcd42654aab5e28 Mon Sep 17 00:00:00 2001 From: He Qian Wang Date: Thu, 27 Mar 2025 14:33:40 -0400 Subject: [PATCH 2/3] [IDP-3130] Add scheduled stable release workflow --- .github/workflows/create-stable-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-stable-release.yml b/.github/workflows/create-stable-release.yml index fa800a4..62a6a77 100644 --- a/.github/workflows/create-stable-release.yml +++ b/.github/workflows/create-stable-release.yml @@ -11,4 +11,4 @@ jobs: contents: write uses: workleap/wl-reusable-workflows/.github/workflows/create-stable-release.yml@main secrets: - token: ${{ secrets.RENOVATE_TOKEN }} + token: ${{ secrets.IDP_AUTOMATION_GITHUB_TOKEN }} From 1fbbfe2c0209419178fd5987e648649a136670fb Mon Sep 17 00:00:00 2001 From: He Qian Wang Date: Thu, 3 Apr 2025 15:38:35 -0400 Subject: [PATCH 3/3] [IDP-3311] Use IDP managed secrets solution for workflows --- .github/workflows/create-stable-release.yml | 3 +-- .github/workflows/jira.yml | 4 +++- .github/workflows/publish.yml | 8 +++++--- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/create-stable-release.yml b/.github/workflows/create-stable-release.yml index 62a6a77..8a1a544 100644 --- a/.github/workflows/create-stable-release.yml +++ b/.github/workflows/create-stable-release.yml @@ -9,6 +9,5 @@ jobs: create-release: permissions: contents: write + id-token: write uses: workleap/wl-reusable-workflows/.github/workflows/create-stable-release.yml@main - secrets: - token: ${{ secrets.IDP_AUTOMATION_GITHUB_TOKEN }} diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml index a85971b..c226737 100644 --- a/.github/workflows/jira.yml +++ b/.github/workflows/jira.yml @@ -10,4 +10,6 @@ jobs: uses: workleap/wl-reusable-workflows/.github/workflows/reusable-jira-workflow.yml@main with: branch_name: ${{ github.head_ref }} - secrets: inherit + permissions: + contents: read + id-token: write diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 77b0d05..c5d5567 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -40,8 +40,8 @@ jobs: - uses: actions/setup-dotnet@v4 with: - dotnet-version: "8.0.x" - + dotnet-version: "8.0.x" + - run: ./Build.ps1 shell: pwsh env: @@ -53,4 +53,6 @@ jobs: uses: workleap/wl-reusable-workflows/.github/workflows/linearb-deployment.yml@main with: environment: 'release' - secrets: inherit + permissions: + id-token: write + contents: read