ci: unify bot automation on the shared GitHub App

Point contributors.yml at the shared app via client-id (was the old hackbrowserdata-bot app), and replace the long-lived Homebrew PAT with a short-lived app token scoped to homebrew-tap for the formula push.
This commit is contained in:
moonD4rk
2026-07-05 00:46:09 +08:00
parent 29561b23e6
commit f8e34d50b6
3 changed files with 15 additions and 6 deletions
+2 -2
View File
@@ -18,8 +18,8 @@ jobs:
uses: actions/create-github-app-token@v3
id: app-token
with:
app-id: ${{ secrets.HACKBROWSERDATA_BOT_APP_ID }}
private-key: ${{ secrets.HACKBROWSERDATA_BOT_PRIVATE_KEY }}
client-id: ${{ vars.MOOND4RK_CI_RELEASE_APP_CLIENT_ID }}
private-key: ${{ secrets.MOOND4RK_CI_RELEASE_APP_PRIVATE_KEY }}
- name: Checkout
uses: actions/checkout@v7
+11 -2
View File
@@ -51,6 +51,15 @@ jobs:
- name: Build ABE payload
run: make payload
- name: Mint homebrew-tap token
id: tap-token
uses: actions/create-github-app-token@v3
with:
client-id: ${{ vars.MOOND4RK_CI_RELEASE_APP_CLIENT_ID }}
private-key: ${{ secrets.MOOND4RK_CI_RELEASE_APP_PRIVATE_KEY }}
owner: moonD4rk
repositories: homebrew-tap
- name: Create and push tag
if: inputs.mode == 'release'
env:
@@ -75,7 +84,7 @@ jobs:
args: release --snapshot --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.tap-token.outputs.token }}
- name: Run GoReleaser (release)
if: inputs.mode == 'release'
@@ -85,7 +94,7 @@ jobs:
args: release --clean ${{ inputs.draft && '--draft' || '' }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.tap-token.outputs.token }}
- name: Upload snapshot artifacts
if: inputs.mode == 'snapshot'