feat: replace PAT to github app (autowarefoundation#756)

* feat: replacerepos token to github apps * feat: replace in docker * fix: typo * feat: add x-access-token * style(pre-commit): autofix --------- Co-authored-by: Naophis <Naophis@users.noreply.github.com>
sensefield · Mar 14, 2024 · f47f98b · f47f98b
1 parent 0f994a1
commit f47f98b
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 8 deletions.
diff --git a/.github/workflows/create-base-image.yaml b/.github/workflows/create-base-image.yaml
@@ -26,6 +26,13 @@ jobs:
           echo "WORKSPACE_ROOT=$(pwd)" >> $GITHUB_ENV
           echo "CREATE_DATE=$(date +'%Y%m%d_%H%M(%Z)')" >> $GITHUB_ENV
 
+      - name: Generate token
+        id: generate-token
+        uses: tibdex/github-app-token@v1
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.PRIVATE_KEY }}
+
       - name: Set tag name
         id: set-tag-name
         run: |
@@ -71,7 +78,7 @@ jobs:
         uses: docker/setup-buildx-action@v2
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           logout: false
           registry: ghcr.io
@@ -83,13 +90,13 @@ jobs:
           git config user.name github-actions
           git config user.email github-actions@github.com
           git config --local --unset-all http.https://github.com/.extraheader || true
-          git config --global url.https://x-access-token:${{ secrets.REPO_TOKEN }}@github.com/.insteadOf 'https://github.com/'
-          git config --global url.https://x-access-token:${{ secrets.REPO_TOKEN }}@github.com/.insteadOf 'git@github.com:'
+          git config --global url.https://x-access-token:${{ steps.generate-token.outputs.token }}@github.com/.insteadOf 'https://github.com/'
+          git config --global url.https://x-access-token:${{ steps.generate-token.outputs.token }}@github.com/.insteadOf 'git@github.com:'
 
       - name: Create token file
         run: |
           touch github_token
-          echo "${{ secrets.REPO_TOKEN }}" >> github_token
+          echo "${{ steps.generate-token.outputs.token }}" >> github_token
         shell: bash
 
       - name: Build and push
@@ -105,7 +112,7 @@ jobs:
             ghcr.io/${{ github.repository }}/base-image:${{ steps.set-tag-name.outputs.tag-name }}
           build-args: |
             DESCRIPTION=${{ steps.set-description.outputs.img-description }}
-            REPO_TOKEN=${{ secrets.REPO_TOKEN }}
+            GITHUB_TOKEN=${{ steps.generate-token.outputs.token }}
             BASE_IMAGE=${{ env.BASE_IMAGE }}
             ROS_DISTRO=${{ env.ROS_DISTRO }}
             SETUP_ARGS=${{ env.SETUP_ARGS }}
diff --git a/.github/workflows/setup-local-dev-env.yaml b/.github/workflows/setup-local-dev-env.yaml
@@ -9,7 +9,7 @@ jobs:
 
   setup-local-dev-env:
     needs: load-env
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-m
     container: ${{ needs.load-env.outputs.base-image }}
     steps:
       - name: Check out repository

diff --git a/docker/pilot-auto/Dockerfile.bi b/docker/pilot-auto/Dockerfile.bi
@@ -7,7 +7,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 ARG ROS_DISTRO
 ARG SETUP_ARGS
-ARG REPO_TOKEN
+ARG GITHUB_TOKEN
 ARG DESCRIPTION
 
 LABEL org.opencontainers.image.description=$DESCRIPTION
@@ -35,7 +35,7 @@ RUN --mount=type=ssh ./setup-dev-env.sh -y $SETUP_ARGS \
   && pip uninstall -y ansible ansible-core
 
 RUN sed -i "s/git@github\.com:/https:\/\/github\.com\//g" ./autoware.repos \
-  && sed -i "s/https:\/\/github.com/https:\/\/$REPO_TOKEN@github.com/g" ./autoware.repos \
+  && sed -i "s/https:\/\/github.com/https:\/\/x-access-token:$GITHUB_TOKEN@github.com/g" ./autoware.repos \
   && cat ./autoware.repos \
   && mkdir -p src