From d7878e646d860a31e6ec7acb4b94dfa03af9f1ea Mon Sep 17 00:00:00 2001 From: Vit Horacek <36083550+mountiny@users.noreply.github.com> Date: Mon, 2 Oct 2023 13:51:25 +0100 Subject: [PATCH] Revert "Reattempt using OSBotify installation token in actions" --- .../composite/setupGitForOSBotify/action.yml | 25 ++--------------- .github/workflows/cherryPick.yml | 6 ++-- .github/workflows/createNewVersion.yml | 23 ++++----------- .github/workflows/deploy.yml | 28 ++++++------------- .github/workflows/finishReleaseCycle.yml | 20 +++---------- .github/workflows/preDeploy.yml | 2 -- 6 files changed, 24 insertions(+), 80 deletions(-) diff --git a/.github/actions/composite/setupGitForOSBotify/action.yml b/.github/actions/composite/setupGitForOSBotify/action.yml index bacf45cf1ed1..0c06e2f4e169 100644 --- a/.github/actions/composite/setupGitForOSBotify/action.yml +++ b/.github/actions/composite/setupGitForOSBotify/action.yml @@ -1,23 +1,11 @@ -name: "Setup Git for OSBotify" -description: "Setup Git for OSBotify" +name: 'Setup Git for OSBotify' +description: 'Setup Git for OSBotify' inputs: GPG_PASSPHRASE: - description: "Passphrase used to decrypt GPG key" - required: true - OS_BOTIFY_APP_ID: - description: "Application ID for OS Botify" - required: true - OS_BOTIFY_PRIVATE_KEY: - description: "OS Botify's private key" + description: 'Passphrase used to decrypt GPG key' required: true -outputs: - # Do not try to use this for committing code. Use `secrets.OS_BOTIFY_COMMIT_TOKEN` instead - OS_BOTIFY_API_TOKEN: - description: Token to use for GitHub API interactions. - value: ${{ steps.generateToken.outputs.token }} - runs: using: composite steps: @@ -41,10 +29,3 @@ runs: shell: bash if: runner.debug == '1' run: echo "GIT_TRACE=true" >> "$GITHUB_ENV" - - - name: Generate a token - id: generateToken - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a - with: - app_id: ${{ inputs.OS_BOTIFY_APP_ID }} - private_key: ${{ inputs.OS_BOTIFY_PRIVATE_KEY }} diff --git a/.github/workflows/cherryPick.yml b/.github/workflows/cherryPick.yml index 995a8f36ab5a..b6558b049647 100644 --- a/.github/workflows/cherryPick.yml +++ b/.github/workflows/cherryPick.yml @@ -44,14 +44,12 @@ jobs: uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main with: GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} - OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} - name: Get previous app version id: getPreviousVersion uses: Expensify/App/.github/actions/javascript/getPreviousVersion@main with: - SEMVER_LEVEL: "PATCH" + SEMVER_LEVEL: 'PATCH' - name: Fetch history of relevant refs run: | @@ -121,7 +119,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - - name: "Announces a CP failure in the #announce Slack room" + - name: 'Announces a CP failure in the #announce Slack room' uses: 8398a7/action-slack@v3 if: ${{ failure() }} with: diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index a693095aaffa..ba907334c595 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -26,18 +26,12 @@ on: LARGE_SECRET_PASSPHRASE: description: Passphrase used to decrypt GPG key required: true + OS_BOTIFY_TOKEN: + description: Token for the OSBotify user + required: true SLACK_WEBHOOK: description: Webhook used to comment in slack required: true - OS_BOTIFY_COMMIT_TOKEN: - description: OSBotify personal access token, used to workaround committing to protected branch - required: true - OS_BOTIFY_APP_ID: - description: Application ID for OS Botify App - required: true - OS_BOTIFY_PRIVATE_KEY: - description: OSBotify private key - required: true jobs: validateActor: @@ -49,7 +43,7 @@ jobs: id: getUserPermissions run: echo "PERMISSION=$(gh api /repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission | jq -r '.permission')" >> "$GITHUB_OUTPUT" env: - GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }} + GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} createNewVersion: runs-on: macos-latest @@ -71,23 +65,18 @@ jobs: uses: actions/checkout@v3 with: ref: main - # The OS_BOTIFY_COMMIT_TOKEN is a personal access token tied to osbotify - # This is a workaround to allow pushes to a protected branch - token: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }} + token: ${{ secrets.OS_BOTIFY_TOKEN }} - name: Setup git for OSBotify uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main - id: setupGitForOSBotify with: GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} - OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} - name: Generate version id: bumpVersion uses: Expensify/App/.github/actions/javascript/bumpVersion@main with: - GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }} + GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} SEMVER_LEVEL: ${{ inputs.SEMVER_LEVEL }} - name: Commit new version diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index c42f3bee617a..f2ff67680940 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -9,18 +9,16 @@ jobs: runs-on: ubuntu-latest if: github.ref == 'refs/heads/staging' steps: - - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main - id: setupGitForOSBotify - with: - GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} - OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} - - name: Checkout staging branch uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 with: ref: staging - token: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }} + token: ${{ secrets.OS_BOTIFY_TOKEN }} + + - name: Setup git for OSBotify + uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main + with: + GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - name: Tag version run: git tag "$(npm run print-version --silent)" @@ -32,19 +30,11 @@ jobs: runs-on: ubuntu-latest if: github.ref == 'refs/heads/production' steps: - - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main - id: setupGitForOSBotify - with: - GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} - OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} - - - uses: actions/checkout@v3 - name: Checkout uses: actions/checkout@v3 with: ref: production - token: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }} + token: ${{ secrets.OS_BOTIFY_TOKEN }} - name: Setup git for OSBotify uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main @@ -59,7 +49,7 @@ jobs: uses: Expensify/App/.github/actions/javascript/getDeployPullRequestList@main with: TAG: ${{ env.PRODUCTION_VERSION }} - GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }} + GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} IS_PRODUCTION_DEPLOY: true - name: Generate Release Body @@ -74,4 +64,4 @@ jobs: tag_name: ${{ env.PRODUCTION_VERSION }} body: ${{ steps.getReleaseBody.outputs.RELEASE_BODY }} env: - GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }} + GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml index 1ea940f5535c..e2323af2486e 100644 --- a/.github/workflows/finishReleaseCycle.yml +++ b/.github/workflows/finishReleaseCycle.yml @@ -12,13 +12,6 @@ jobs: outputs: isValid: ${{ fromJSON(steps.isDeployer.outputs.IS_DEPLOYER) && !fromJSON(steps.checkDeployBlockers.outputs.HAS_DEPLOY_BLOCKERS) }} steps: - - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main - id: setupGitForOSBotify - with: - GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} - OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} - - name: Validate actor is deployer id: isDeployer run: | @@ -28,13 +21,13 @@ jobs: echo "IS_DEPLOYER=false" >> "$GITHUB_OUTPUT" fi env: - GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }} + GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - name: Reopen and comment on issue (not a team member) if: ${{ !fromJSON(steps.isDeployer.outputs.IS_DEPLOYER) }} uses: Expensify/App/.github/actions/javascript/reopenIssueWithComment@main with: - GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }} + GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} ISSUE_NUMBER: ${{ github.event.issue.number }} COMMENT: | Sorry, only members of @Expensify/Mobile-Deployers can close deploy checklists. @@ -45,14 +38,14 @@ jobs: id: checkDeployBlockers uses: Expensify/App/.github/actions/javascript/checkDeployBlockers@main with: - GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }} + GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} ISSUE_NUMBER: ${{ github.event.issue.number }} - name: Reopen and comment on issue (has blockers) if: ${{ fromJSON(steps.isDeployer.outputs.IS_DEPLOYER) && fromJSON(steps.checkDeployBlockers.outputs.HAS_DEPLOY_BLOCKERS || 'false') }} uses: Expensify/App/.github/actions/javascript/reopenIssueWithComment@main with: - GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }} + GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} ISSUE_NUMBER: ${{ github.event.issue.number }} COMMENT: | This issue either has unchecked items or has not yet been marked with the `:shipit:` emoji of approval. @@ -77,12 +70,9 @@ jobs: token: ${{ secrets.OS_BOTIFY_TOKEN }} - name: Setup Git for OSBotify - id: setupGitForOSBotify uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main with: GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} - OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} - name: Update production branch run: | @@ -122,8 +112,6 @@ jobs: uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main with: GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} - OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} - name: Update staging branch to trigger staging deploy run: | diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index 86fee0fd3de0..186490c7baaf 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -95,8 +95,6 @@ jobs: uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main with: GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} - OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} - name: Update staging branch from main run: |