Changeset 60065

Timestamp:

03/21/2025 06:00:25 PM (4 months ago)

Author:

desrosj

Message:

Build/Test Tools: Re-add GitHub App.

Without this, workflow runs are not triggered by commits made by the workflow.

Follow up to [59983], [60052], [60059], [60063], [60064].

See #62221.

File:

• trunk/.github/workflows/commit-built-file-changes.yml (modified) (4 diffs)

trunk/.github/workflows/commit-built-file-changes.yml

@@ -25 +25 @@
   # - Checks for the existence of an artifact.
   # - Unzips the artifact.
+  # - Generates a token for authenticating with the GitHub App.
   # - Checks out the repository.
   # - Applies the patch file.
@@ -84 +85 @@
         run: unzip pr-built-file-changes.zip
 
+      - name: Generate Installation Token
+        id: generate_token
+        if: ${{ steps.artifact-check.outputs.exists == 'true' }}
+        env:
+          GH_APP_ID: ${{ secrets.GH_PR_BUILT_FILES_APP_ID }}
+          GH_APP_PRIVATE_KEY: ${{ secrets.GH_PR_BUILT_FILES_PRIVATE_KEY }}
+        run: |
+          echo "$GH_APP_PRIVATE_KEY" > private-key.pem
+
+          # Generate JWT
+          JWT=$(python3 - <<EOF
+          import jwt, time
+          private_key = open("private-key.pem", "r").read()
+          payload = {
+              "iat": int(time.time()),
+              "exp": int(time.time()) + 600,  # 10-minute expiration
+              "iss": $GH_APP_ID
+          }
+          print(jwt.encode(payload, private_key, algorithm="RS256"))
+          EOF
+          )
+
+          # Get Installation ID
+          INSTALLATION_ID=$(curl -s -X GET -H "Authorization: Bearer $JWT" \
+            -H "Accept: application/vnd.github.v3+json" \
+            https://api.github.com/app/installations | jq -r '.[0].id')
+
+          # Request Installation Access Token
+          ACCESS_TOKEN=$(curl -s -X POST -H "Authorization: Bearer $JWT" \
+            -H "Accept: application/vnd.github.v3+json" \
+            "https://api.github.com/app/installations/$INSTALLATION_ID/access_tokens" | jq -r '.token')
+
+          echo "ACCESS_TOKEN=$ACCESS_TOKEN" >> "$GITHUB_ENV"
+
+          rm -f private-key.pem
+
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -92 +129 @@
           path: 'pr-repo'
           show-progress: ${{ runner.debug == '1' && 'true' || 'false' }}
+          token: ${{ env.ACCESS_TOKEN }}
 
       - name: Apply patch
@@ -106 +144 @@
         if: ${{ steps.artifact-check.outputs.exists == 'true' }}
         working-directory: 'pr-repo'
+        env:
+          GH_APP_ID: ${{ secrets.GH_PR_BUILT_FILES_APP_ID }}
         run: |
-          git config user.name "WordPress Build Script Bot[bot]"
-          git config user.email wordpress@users.noreply.github.com
+          git config user.name "wordpress-develop-pr-bot[bot]"
+          git config user.email ${{ env.GH_APP_ID }}+wordpress-develop-pr-bot[bot]@users.noreply.github.com
 
       - name: Stage changes