mirror of
https://github.com/nocobase/nocobase
synced 2024-11-15 14:16:26 +00:00
c069fbebd4
* feat(publish): publish pro repos * feat: use app token * chore: add trigger branch * chore: ref main * chore: add owner * chore: change owner * chore: set repos * chore: get repo name * chore: update * chore: update * chore: update * chore: update * chore: update branch * fix: bug * fix: bug * fix: private key * feat: encrypt github app token * fix: bug * fix: token * fix: output * fix: base64 * fix: error * fix: token cut * fix: base64 * fix: repo name * chore: print token * chore: skip token revoke * fix: clone * fix: clone * fix: job * chore: shell bash * fix: ignore * fix: ignore * fix: invalid * fix: branch * fix: bug * fix: jq * fix: jq * fix: jq * fix: remove quotes * fix: directory * fix: directory * chore: update * chore: update * fix: invalid * fix: branch
41 lines
1.5 KiB
YAML
41 lines
1.5 KiB
YAML
name: Get nocobase app github token
|
|
|
|
on:
|
|
workflow_call:
|
|
outputs:
|
|
token:
|
|
value: ${{ jobs.get-app-token.outputs.token }}
|
|
user-id:
|
|
value: ${{ jobs.get-app-token.outputs.user-id }}
|
|
app-slug:
|
|
value: ${{ jobs.get-app-token.outputs.app-slug }}
|
|
|
|
jobs:
|
|
get-app-token:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
token: ${{ steps.encrypt-token.outputs.token }}
|
|
app-slug: ${{ steps.app-token.outputs.app-slug }}
|
|
user-id: ${{ steps.get-user-id.outputs.user-id }}
|
|
steps:
|
|
- uses: actions/create-github-app-token@v1
|
|
id: app-token
|
|
with:
|
|
app-id: ${{ vars.NOCOBASE_APP_ID }}
|
|
private-key: ${{ secrets.NOCOBASE_APP_PRIVATE_KEY }}
|
|
repositories: nocobase,pro-plugins,${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ',') }}
|
|
skip-token-revoke: true
|
|
- name: Encrypt token
|
|
id: encrypt-token
|
|
shell: bash
|
|
run: |
|
|
APP_TOKEN=${{ steps.app-token.outputs.token }};
|
|
BINARY_ENCRYPTED_SECRET=$(echo -n "$APP_TOKEN" | openssl enc -aes-256-cbc -pbkdf2 -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
|
|
ENCRYPTED_SECRET=$(echo -n "$BINARY_ENCRYPTED_SECRET" | base64 -w 0);
|
|
echo "token=$ENCRYPTED_SECRET" >> $GITHUB_OUTPUT
|
|
- name: Get GitHub App User ID
|
|
id: get-user-id
|
|
run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
|
|
env:
|
|
GH_TOKEN: ${{ steps.app-token.outputs.token }}
|