@@ -9,29 +9,36 @@ concurrency:
99 group : release
1010 cancel-in-progress : false
1111
12- permissions :
13- contents : write
14- id-token : write
15-
16- env :
17- GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
18- NX_NON_NATIVE_HASHER : true
19- NX_CLOUD_ACCESS_TOKEN : ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
20-
2112jobs :
2213 release :
2314 name : Publish packages
2415 runs-on : ubuntu-latest
16+ environment : release
17+ env :
18+ NX_NON_NATIVE_HASHER : true
19+ NX_CLOUD_ACCESS_TOKEN : ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
2520 steps :
21+ - name : Authenticate as "Code PushUp Bot" GitHub App
22+ uses : actions/create-github-app-token@v2
23+ id : app-token
24+ with :
25+ app-id : ${{ vars.GH_APP_ID }}
26+ private-key : ${{ secrets.GH_APP_PRIVATE_KEY }}
27+ - name : Fetch GitHub App's user ID
28+ id : get-user-id
29+ run : echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
30+ env :
31+ GH_TOKEN : ${{ steps.app-token.outputs.token }}
32+ - name : Configure Git user
33+ run : |
34+ git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
35+ git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'
2636name : Clone the repository
2737 uses : actions/checkout@v4
2838 with :
2939 fetch-depth : 0
30- - name : Configure Git user
31- # https://github.com/actions/checkout/blob/main/README.md#push-a-commit-using-the-built-in-token
32- run : |
33- git config user.name github-actions[bot]
34- git config user.email 41898282+github-actions[bot]@users.noreply.github.com
40+ token : ${{ steps.app-token.outputs.token }}
41+ persist-credentials : false
3542 - name : Set up Node.js
3643 uses : actions/setup-node@v4
3744 with :
4148 run : npm ci
4249 - name : Version, release and publish packages
4350 run : npx nx release --yes
51+ env :
52+ GH_TOKEN : ${{ steps.app-token.outputs.token }}
0 commit comments