diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index cbb564f..0f9169a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -29,6 +29,14 @@ jobs: - name: Run type checks run: devbox run typecheck + # https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow + - name: Fetch GitHub token for integration tests + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Run tests run: devbox run test env: @@ -37,9 +45,7 @@ jobs: # The `GITHUB_TOKEN` failed (https://github.com/alexpovel/ancv/actions/runs/4093416643/jobs/7063406195): # # body = b'{"message":"Resource not accessible by integration","documentation_url":"https://docs.github.com/rest/reference/gists#list-gists-for-a-user"}' - # - # So use a personal token. - GH_TOKEN: ${{ secrets.GH_PERMISSIONLESS_FGAT }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} - name: Upload coverage to Codecov uses: codecov/codecov-action@v3 @@ -69,8 +75,17 @@ jobs: tag_name: ${{ steps.release.outputs.tag_name }} steps: + # https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow + - uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} - uses: google-github-actions/release-please-action@v4 id: release + with: + # Token needs: `contents: write`, `pull-requests: write` + token: ${{ steps.app-token.outputs.token }} publish: name: Publish to PyPI
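Review bot: The token minted by the new `app-token` step is passed to `devbox run test` as `GH_TOKEN` (second hunk) in place of the secret named `GH_PERMISSIONLESS_FGAT`, so the test process and every dependency it loads now hold a GitHub App installation token instead of a permissionless one. The release job in the third hunk mints its token from the same `APP_ID` / `APP_PRIVATE_KEY` secrets and notes that it needs `contents: write` and `pull-requests: write`, so the test token presumably carries those write permissions as well. Consider a separate GitHub App with no repository permissions for the tests, or restrict the token at mint time if the action version in use supports that. A comment above the step would record the intent, for example `# Test token: must not carry write permissions; tests only read gists via the API`.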
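Review bot: In the release job, `actions/create-github-app-token@v1` and `google-github-actions/release-please-action@v4` are both referenced by mutable tag, yet the first receives the App private key and the second now receives a write-capable token. The same applies to the `create-github-app-token@v1` step added in the first hunk. Pinning each to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/create-github-app-token@<full-commit-sha>  # v1`, keeps a moved tag from running different code with these credentials. The comment `# Token needs: ...` documents the required permissions, but nothing visible in this hunk limits the minted token to them, so the App's own permission set should be kept to exactly those two.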