ci: add permissions for github token refresh-manifests (#159)

It's failing due to missing permissions: https://github.com/FuelLabs/fuel.nix/actions/runs/12919430407 Testing it here: https://github.com/FuelLabs/fuel.nix/actions/runs/12937628058 --------- Co-authored-by: Mike Christopher <mchristopher@users.noreply.github.com>
FuelLabs · Jan 24, 2025 · 6523fa9 · 6523fa9
1 parent 9909e24
commit 6523fa9
Showing 1 changed file with 14 additions and 4 deletions.
diff --git a/.github/workflows/refresh-manifests.yml b/.github/workflows/refresh-manifests.yml
@@ -26,10 +26,11 @@ jobs:
           if [[ "${#files[*]}" -ne 0 ]]; then
             nix-instantiate --parse "${files[@]}" >/dev/null
           fi
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: manifests
           path: manifests/
+          overwrite: true
 
   download-manifests-and-nix-build:
     needs: refresh-and-upload-manifests
@@ -42,10 +43,11 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - run: rm -r manifests
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         with:
           name: manifests
           path: manifests/
+          overwrite: true
       - name: stage manifests for nix build
         run: git add -v manifests
       - uses: cachix/install-nix-action@v22
@@ -60,16 +62,18 @@ jobs:
   download-manifests-and-commit:
     needs: [refresh-and-upload-manifests, download-manifests-and-nix-build]
     runs-on: ubuntu-latest
+    environment: fuel-nix-bot
     steps:
       - uses: actions/checkout@v3
         with:
           persist-credentials: false
           ref: master
       - run: rm -r ./manifests
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         with:
           name: manifests
           path: manifests/
+          overwrite: true
       - name: Check and commit changes
         run: |
           git config --local user.email "action@github.com"
@@ -82,10 +86,16 @@ jobs:
           else
             git commit -m "manifest: update"
           fi
+      - name: Get app credentials
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_KEY }}
       - name: Push changes
         uses: ad-m/github-push-action@master
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_token: ${{ steps.app-token.outputs.token }}
           branch: master
 
   notify-slack-on-failure: