ci(steps): Handle push into protected branch

rizqyfahmi · rizqyfahmi · commit b72d8a10cfc7 · 2025-07-19T22:50:43.000+07:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,4 +1,5 @@
 name: CI Pipeline
+run-name: ${{ github.actor }} is automatically publishing
 
 on:
   push:
@@ -53,6 +54,13 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
+      - name: 'Generate token'
+        id: GENERATE_TOKEN
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
+
       - name: Checkout
         uses: actions/checkout@v4
 
@@ -78,8 +86,12 @@ jobs:
         with:
           inputs: "*.tgz"
 
+      - name: Debug auth
+        run: |
+          curl -s -H "Authorization: token ${{ steps.GENERATE_TOKEN.outputs.token }}" https://api.github.com/user
+
       - name: Run Semantic Release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.GENERATE_TOKEN.outputs.token }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: npx semantic-release
