@@ -35,10 +35,29 @@ jobs:
3535env :
3636 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
3737
38+ - name : Create GitHub App installation token (website repo)
39+ id : app_token
40+ uses : actions/create-github-app-token@v2
41+ with :
42+ app-id : ${{ vars.MV_REPO_AUTH_APP_ID }}
43+ private-key : ${{ secrets.MV_REPO_AUTH_PVT_KEY }}
44+ owner : ManiVaultStudio
45+ repositories : manivaultstudio.github.io # ensure the App is installed on this repo with Contents: write
46+
47+ # quick sanity: token can read the repo
48+ - name : Sanity check token can read website repo
49+ env :
50+ APP_TOKEN : ${{ steps.app_token.outputs.token }}
51+ run : |
52+ git ls-remote https://x-access-token:${APP_TOKEN}@github.com/ManiVaultStudio/manivaultstudio.github.io.git HEAD
53+
54+ # clone with the app token (note the x-access-token:<token>@ form)
3855 - name : Clone manivaultstudio.github.io (feature branch)
56+ env :
57+ APP_TOKEN : ${{ steps.app_token.outputs.token }}
3958 run : |
4059 git clone --branch ft/test-plugin-push \
41- https://x-access-token:${{ secrets.TEST_GH_PAGES_DEPLOY_TOKEN } }@github.com/ManiVaultStudio/manivaultstudio.github.io.git \
60+ https://x-access-token:${APP_TOKEN }@github.com/ManiVaultStudio/manivaultstudio.github.io.git \
4261 target-repo
4362 cp "${REPO_NAME_LC}.md" target-repo/_plugins/
4463 if [ -f "target-repo/_plugins/${REPO_NAME_LC}.md" ]; then
@@ -49,10 +68,12 @@ jobs:
4968 fi # quick sanity
5069
5170name : Commit and push
71+ env :
72+ APP_TOKEN : ${{ steps.app_token.outputs.token }}
5273 run : |
5374 cd target-repo
54- git config user.name "ManiVault Bot "
55- git config user.email "bot@manivault.studio "
75+ git config user.name "manivault-bot[app] "
76+ git config user.email "manivault- bot@users.noreply.github.com "
5677 git add "_plugins/${REPO_NAME_LC}.md"
5778 git commit -m "🔄 Auto-update plugin card from ${REPO_NAME}"
5879 git push origin ft/test-plugin-push
0 commit comments