From f8e34d50b6ab56ba8a2ed5d080560a5738fee1b5 Mon Sep 17 00:00:00 2001 From: moonD4rk Date: Sun, 5 Jul 2026 00:46:09 +0800 Subject: [PATCH] ci: unify bot automation on the shared GitHub App Point contributors.yml at the shared app via client-id (was the old hackbrowserdata-bot app), and replace the long-lived Homebrew PAT with a short-lived app token scoped to homebrew-tap for the formula push. --- .github/workflows/contributors.yml | 4 ++-- .github/workflows/release.yml | 13 +++++++++++-- .goreleaser.yml | 4 ++-- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml index 6f9654d..a996bc0 100644 --- a/.github/workflows/contributors.yml +++ b/.github/workflows/contributors.yml @@ -18,8 +18,8 @@ jobs: uses: actions/create-github-app-token@v3 id: app-token with: - app-id: ${{ secrets.HACKBROWSERDATA_BOT_APP_ID }} - private-key: ${{ secrets.HACKBROWSERDATA_BOT_PRIVATE_KEY }} + client-id: ${{ vars.MOOND4RK_CI_RELEASE_APP_CLIENT_ID }} + private-key: ${{ secrets.MOOND4RK_CI_RELEASE_APP_PRIVATE_KEY }} - name: Checkout uses: actions/checkout@v7 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 82e91ba..cfd32d5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -51,6 +51,15 @@ jobs: - name: Build ABE payload run: make payload + - name: Mint homebrew-tap token + id: tap-token + uses: actions/create-github-app-token@v3 + with: + client-id: ${{ vars.MOOND4RK_CI_RELEASE_APP_CLIENT_ID }} + private-key: ${{ secrets.MOOND4RK_CI_RELEASE_APP_PRIVATE_KEY }} + owner: moonD4rk + repositories: homebrew-tap + - name: Create and push tag if: inputs.mode == 'release' env: @@ -75,7 +84,7 @@ jobs: args: release --snapshot --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }} + HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.tap-token.outputs.token }} - name: Run GoReleaser (release) if: inputs.mode == 'release' @@ -85,7 +94,7 @@ jobs: args: release --clean ${{ inputs.draft && '--draft' || '' }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }} + HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.tap-token.outputs.token }} - name: Upload snapshot artifacts if: inputs.mode == 'snapshot' diff --git a/.goreleaser.yml b/.goreleaser.yml index a9efda8..aefcbc0 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -101,8 +101,8 @@ brews: branch: main token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}" commit_author: - name: "github-actions[bot]" - email: "github-actions[bot]@users.noreply.github.com" + name: "moond4rk-ci[bot]" + email: "299850723+moond4rk-ci[bot]@users.noreply.github.com" commit_msg_template: "brew formula update for {{ .ProjectName }} version {{ .Tag }}" install: | bin.install "hack-browser-data"