updated workflow auth from PAT to GitHub App token #5
| name: Auto-update plugin card on website | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [feature/auto_plugininfo_on_website] | |
| paths: | |
| - '.github/workflows/update_plugininfo.yml' | |
| - 'scripts/update_plugininfo.py' | |
| jobs: | |
| update-card: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout this repo (plugin source picked automatically) | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - name: Install Python dependencies | |
| run: pip install requests pyyaml | |
| - name: Get repo name (lowercase) and run script | |
| run: | | |
| REPO_NAME=$(basename "${{ github.repository }}") # e.g., Scatterplot | |
| REPO_NAME_LC="${REPO_NAME,,}" # scatterplot | |
| echo "Running from repo: $REPO_NAME" | |
| echo "REPO_NAME=$REPO_NAME" >> $GITHUB_ENV # export for later steps | |
| echo "REPO_NAME_LC=$REPO_NAME_LC" >> $GITHUB_ENV | |
| python scripts/update_plugininfo.py "$REPO_NAME" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create GitHub App installation token (website repo) | |
| id: app_token | |
| uses: actions/create-github-app-token@v2 | |
| with: | |
| app-id: ${{ vars.MV_REPO_AUTH_APP_ID }} | |
| private-key: ${{ secrets.MV_REPO_AUTH_PVT_KEY }} | |
| owner: ManiVaultStudio | |
| repositories: manivaultstudio.github.io # ensure the App is installed on this repo with Contents: write | |
| # quick sanity: token can read the repo | |
| - name: Sanity check token can read website repo | |
| env: | |
| APP_TOKEN: ${{ steps.app_token.outputs.token }} | |
| run: | | |
| git ls-remote https://x-access-token:${APP_TOKEN}@github.com/ManiVaultStudio/manivaultstudio.github.io.git HEAD | |
| # clone with the app token (note the x-access-token:<token>@ form) | |
| - name: Clone manivaultstudio.github.io (feature branch) | |
| env: | |
| APP_TOKEN: ${{ steps.app_token.outputs.token }} | |
| run: | | |
| git clone --branch ft/test-plugin-push \ | |
| https://x-access-token:${APP_TOKEN}@github.com/ManiVaultStudio/manivaultstudio.github.io.git \ | |
| target-repo | |
| cp "${REPO_NAME_LC}.md" target-repo/_plugins/ | |
| if [ -f "target-repo/_plugins/${REPO_NAME_LC}.md" ]; then | |
| echo "Target file ${REPO_NAME_LC}.md found in _plugins/" | |
| else | |
| echo "Target file ${REPO_NAME_LC}.md not found in _plugins/" | |
| exit 1 | |
| fi # quick sanity | |
| - name: Commit and push | |
| env: | |
| APP_TOKEN: ${{ steps.app_token.outputs.token }} | |
| run: | | |
| cd target-repo | |
| git config user.name "manivault-bot[app]" | |
| git config user.email "manivault-bot@users.noreply.github.com" | |
| git add "_plugins/${REPO_NAME_LC}.md" | |
| git commit -m "🔄 Auto-update plugin card from ${REPO_NAME}" | |
| git push origin ft/test-plugin-push |
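Review bot: The installation token is written into the remote URL in the `Sanity check` and `Clone` steps (`https://x-access-token:${APP_TOKEN}@github.com/...`), so it appears on the git command line and is stored as the `origin` URL in `target-repo/.git/config`. The later `git push origin ft/test-plugin-push` works only because of that stored copy; the `APP_TOKEN` env on the `Commit and push` step is never read. Checking the website repo out with `actions/checkout` (inputs `repository`, `ref`, `token`, `path`) keeps the token out of URLs, lets the action remove the credential in its post-job step, and makes the separate `git ls-remote` check unnecessary. The token can also be narrowed with `permission-contents: write` on `actions/create-github-app-token`, since by default it inherits every permission of the App installation. Separately, the workflow has no `permissions:` block and installs unpinned `requests`/`pyyaml` in the same job that later holds the App private key; `permissions: contents: read` and pinned versions would reduce that exposure.

```yaml
        uses: actions/create-github-app-token@v2
        with:
          # … unchanged: app-id, private-key, owner, repositories …
          permission-contents: write

      # replaces the "Sanity check" and git-clone steps
      - name: Check out manivaultstudio.github.io (feature branch)
        uses: actions/checkout@v4
        with:
          repository: ManiVaultStudio/manivaultstudio.github.io
          ref: ft/test-plugin-push
          token: ${{ steps.app_token.outputs.token }}
          path: target-repo

      - name: Copy generated card into the website checkout
        run: |
          # … unchanged: cp "${REPO_NAME_LC}.md" and the _plugins/ existence check …
```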