name: Get nocobase app github token on: workflow_call: outputs: token: value: ${{ jobs.get-app-token.outputs.token }} user-id: value: ${{ jobs.get-app-token.outputs.user-id }} app-slug: value: ${{ jobs.get-app-token.outputs.app-slug }} jobs: get-app-token: runs-on: ubuntu-latest outputs: token: ${{ steps.encrypt-token.outputs.token }} app-slug: ${{ steps.app-token.outputs.app-slug }} user-id: ${{ steps.get-user-id.outputs.user-id }} steps: - uses: actions/create-github-app-token@v1 id: app-token with: app-id: ${{ vars.NOCOBASE_APP_ID }} private-key: ${{ secrets.NOCOBASE_APP_PRIVATE_KEY }} repositories: nocobase,pro-plugins,${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ',') }} skip-token-revoke: true - name: Encrypt token id: encrypt-token shell: bash run: | APP_TOKEN=${{ steps.app-token.outputs.token }}; ENCRYPTED_SECRET=$(echo -n "$APP_TOKEN" | openssl enc -aes-256-cbc -pbkdf2 -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}" | base64 -w 0); echo "token=$ENCRYPTED_SECRET" >> $GITHUB_OUTPUT - name: Get GitHub App User ID id: get-user-id run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" env: GH_TOKEN: ${{ steps.app-token.outputs.token }}