feat(releases): Update docs to use GitHub App instead of service acco…

…unt PAT (#11805) * use Github App instead of PAT * include instructions for creating rulesets * fix syntaxs * Move the json file to the public folder * Testing * dummy commit to trigger build on docs site * revert dummy change * fix the link to json file * Apply suggestions from code review Co-authored-by: Liza Mock <[email protected]> * fix the link * update the action app version * not required codeowner review by default * update default ruleset to include `release-bot` team for getsentry-bot --------- Co-authored-by: Liza Mock <[email protected]>
getsentry · Dec 4, 2024 · c2a1f13 · c2a1f13
1 parent 4ebe9bf
commit c2a1f13
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 4 deletions.
diff --git a/develop-docs/sdk/processes/releases.mdx b/develop-docs/sdk/processes/releases.mdx
@@ -84,7 +84,7 @@ Nice!
 
 This file is used to trigger the release from the GitHub UI.
 
-You'll notice it uses `secrets.GH_RELEASE_PAT` -- this should already be
+You'll notice it uses `vars.SENTRY_RELEASE_BOT_CLIENT_ID` and `secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY` -- these should be
 available to your repository automatically!
 
 ```yaml
@@ -105,14 +105,20 @@ jobs:
     runs-on: ubuntu-latest
     name: "Release a new version"
     steps:
+      - name: Get auth token
+        id: token
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+        with:
+          app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
+          private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
       - uses: actions/checkout@v3
         with:
-          token: ${{ secrets.GH_RELEASE_PAT }}
+          token: ${{ steps.token.outputs.token }}
           fetch-depth: 0
       - name: Prepare release
         uses: getsentry/action-prepare-release@v1
         env:
-          GITHUB_TOKEN: ${{ secrets.GH_RELEASE_PAT }}
+          GITHUB_TOKEN: ${{ steps.token.outputs.token }}
         with:
           version: ${{ github.event.inputs.version }}
           force: ${{ github.event.inputs.force }}
@@ -132,11 +138,16 @@ Here's [an example PR] and the [follow-up to fix `fetch-depth`].
 Give the following teams access to your repository:
 
 - `engineering` -> `write`
-- `release-bot` -> `elevated bot`
 
 You can do this self-service via the settings page of your repository:
 `https://github.com/getsentry/REPONAME_HERE/settings/access`
 
+## Create Ruleset for the Repo
+
+Download and save the [default ruleset template](/json/Default_ruleset.json) as a JSON file.
+
+Visit the ruleset setting page of your repository: `https://github.com/getsentry/REPONAME_HERE/settings/rules`, click on the green **New ruleset** button, choose **Import a ruleset**, and select the JSON file you just downloaded. You can tweak the ruleset settings, but please don't remove the App in the Bypass List.
+
 ## Making Your First Release!
 
 Navigate to the actions tab of your repository, locate the release workflow,

diff --git a/public/json/Default_ruleset.json b/public/json/Default_ruleset.json
@@ -0,0 +1,45 @@
+{
+  "name": "Default",
+  "target": "branch",
+  "source_type": "Repository",
+  "enforcement": "active",
+  "conditions": {
+    "ref_name": {
+      "exclude": [],
+      "include": [
+        "~DEFAULT_BRANCH"
+      ]
+    }
+  },
+  "rules": [
+    {
+      "type": "pull_request",
+      "parameters": {
+        "required_approving_review_count": 1,
+        "dismiss_stale_reviews_on_push": false,
+        "require_code_owner_review": false,
+        "require_last_push_approval": false,
+        "required_review_thread_resolution": false,
+        "automatic_copilot_code_review_enabled": false
+      }
+    },
+    {
+      "type": "deletion"
+    },
+    {
+      "type": "non_fast_forward"
+    }
+  ],
+  "bypass_actors": [
+    {
+      "actor_id": 988504,
+      "actor_type": "Integration",
+      "bypass_mode": "always"
+    },
+    {
+      "actor_id": 4687313,
+      "actor_type": "Team",
+      "bypass_mode": "always"
+    }
+  ]
+}