From 4af9797aa9b9906bc607bc0ea2108cd5c309e000 Mon Sep 17 00:00:00 2001
From: Martin Costello
Date: Wed, 6 Sep 2023 14:03:22 +0100
Subject: [PATCH 1/3] Use token to clone repository

Use the bot token to clone the repository.
---
 .github/workflows/on-push-do-docs.yml | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/on-push-do-docs.yml b/.github/workflows/on-push-do-docs.yml
index 78bf38102f0..8a6a2ff8c98 100644
--- a/.github/workflows/on-push-do-docs.yml
+++ b/.github/workflows/on-push-do-docs.yml
@@ -15,8 +15,20 @@ jobs:
 runs-on: ubuntu-latest
 steps:
+
+ - name: Generate GitHub application token
+ if: steps.update-docs.outputs.updated-docs == 'true'
+ id: generate-application-token
+ uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db # v2.1.0
+ with:
+ application_id: ${{ secrets.POLLY_UPDATER_BOT_APP_ID }}
+ application_private_key: ${{ secrets.POLLY_UPDATER_BOT_KEY }}
+ permissions: "contents:write, pull_requests:write"
+
 - name: Checkout code
 uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+ with:
+ token: ${{ steps.generate-application-token.outputs.token }}
 - name: Setup .NET SDK
 uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
@@ -64,15 +76,6 @@ jobs:
 git push -u origin $BranchName
 "updated-docs=true" >> $env:GITHUB_OUTPUT
- - name: Generate GitHub application token
- if: steps.update-docs.outputs.updated-docs == 'true'
- id: generate-application-token
- uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db # v2.1.0
- with:
- application_id: ${{ secrets.POLLY_UPDATER_BOT_APP_ID }}
- application_private_key: ${{ secrets.POLLY_UPDATER_BOT_KEY }}
- permissions: "contents:write, pull_requests:write"
-
 - name: Create pull request
 if: steps.update-docs.outputs.updated-docs == 'true'
 uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
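Review bot: The `with: token:` added to the Checkout code step hands actions/checkout a token minted with `contents:write, pull_requests:write`, and checkout keeps the token it is given in the local git configuration by default (`persist-credentials` defaults to true), so every later step in the job, starting with Setup .NET SDK, runs with that write credential available in the workspace. The later `git push` presumably depends on the persisted credential, so turning persistence off is not a drop-in change; at minimum the reason should be recorded at the step, for example `# Bot token is persisted by checkout so the later git push authenticates as the bot; it stays in .git/config for the rest of the job.` It is also worth checking that no step between checkout and the push runs code that is not pinned or reviewed. The job's remaining steps are outside this hunk.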
From 09b0fe8e4bc965a91207a6990a78809ad73ca1d2 Mon Sep 17 00:00:00 2001
From: Martin Costello
Date: Wed, 6 Sep 2023 14:05:16 +0100
Subject: [PATCH 2/3] Remove condition

Should have been removed in the previous commit.
---
 .github/workflows/on-push-do-docs.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/on-push-do-docs.yml b/.github/workflows/on-push-do-docs.yml
index 8a6a2ff8c98..05196625e3b 100644
--- a/.github/workflows/on-push-do-docs.yml
+++ b/.github/workflows/on-push-do-docs.yml
@@ -17,7 +17,6 @@ jobs:
 steps:
 - name: Generate GitHub application token
- if: steps.update-docs.outputs.updated-docs == 'true'
 id: generate-application-token
 uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db # v2.1.0
 with:

From b029d75c54c634acf947908e47290abe8623b2be Mon Sep 17 00:00:00 2001
From: Martin Costello
Date: Wed, 6 Sep 2023 14:09:44 +0100
Subject: [PATCH 3/3] Remove GITHUB_TOKEN permissions

We shouldn't need GITHUB_TOKEN to have any permissions if we only use the bot.
---
 .github/workflows/on-push-do-docs.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/on-push-do-docs.yml b/.github/workflows/on-push-do-docs.yml
index 05196625e3b..dc3dcf1e768 100644
--- a/.github/workflows/on-push-do-docs.yml
+++ b/.github/workflows/on-push-do-docs.yml
@@ -6,8 +6,7 @@ on:
 paths: [ "src/Snippets/**" ]
 workflow_dispatch:
-permissions:
- contents: read
+permissions: {}
 jobs:
 update-docs:
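Review bot: `permissions: {}` in the third patch leaves GITHUB_TOKEN with no scopes, so any step that still falls back to the default token rather than the bot token will now fail with an authorization error, and nothing in the file records why the map is empty. The Create pull request step shown in the first patch uses actions/github-script, whose `github-token` input defaults to GITHUB_TOKEN; its `with:` block is not visible here, so confirm it passes `steps.generate-application-token.outputs.token`. I would add a comment above the key, `# GITHUB_TOKEN is intentionally unprivileged; all repository access uses the bot application token.`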