diff --git a/.github/workflows/build_to_archive.yml b/.github/workflows/build_to_archive.yml index b5960d5d942..76d84a4af86 100644 --- a/.github/workflows/build_to_archive.yml +++ b/.github/workflows/build_to_archive.yml @@ -21,20 +21,22 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 + id: app-token + uses: actions/create-github-app-token@v3 with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/secrets" + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + permission-contents: write + repositories: | + cloudstream-archive + secrets - - name: Generate access token (archive) - id: generate_archive_token - uses: tibdex/github-app-token@v2 - with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/cloudstream-archive" + - name: Get GitHub App User ID + id: get-user-id + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} - uses: actions/checkout@v6 @@ -52,8 +54,8 @@ jobs: run: | TMP_KEYSTORE_FILE_PATH="${RUNNER_TEMP}"/keystore mkdir -p "${TMP_KEYSTORE_FILE_PATH}" - curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore.jks" - curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore_password.txt" + curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/${GITHUB_REPOSITORY_OWNER}/secrets/HEAD/keystore.jks" + curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/${GITHUB_REPOSITORY_OWNER}/secrets/HEAD/keystore_password.txt" KEY_PWD="$(cat keystore_password.txt)" echo "::add-mask::${KEY_PWD}" echo "key_pwd=$KEY_PWD" >> $GITHUB_OUTPUT @@ -75,9 +77,9 @@ jobs: - uses: actions/checkout@v6 with: - repository: "recloudstream/cloudstream-archive" - token: ${{ steps.generate_archive_token.outputs.token }} - path: "archive" + repository: ${{ github.repository_owner }}/cloudstream-archive + token: ${{ steps.app-token.outputs.token }} + path: archive - name: Move build run: cp app/build/outputs/apk/prerelease/release/*.apk "archive/$(git rev-parse --short HEAD).apk" @@ -85,8 +87,8 @@ jobs: - name: Push archive run: | cd $GITHUB_WORKSPACE/archive - git config --local user.email "actions@github.com" - git config --local user.name "GitHub Actions" + git config --local user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com' + git config --local user.name '${{ steps.app-token.outputs.app-slug }}[bot]' git add . - git commit --amend -m "Build $GITHUB_SHA" || exit 0 # do not error if nothing to commit + git commit -m "Build $GITHUB_SHA" || exit 0 # do not error if nothing to commit git push --force diff --git a/.github/workflows/generate_dokka.yml b/.github/workflows/generate_dokka.yml index d67b8a519d7..a3003df0606 100644 --- a/.github/workflows/generate_dokka.yml +++ b/.github/workflows/generate_dokka.yml @@ -18,24 +18,32 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 + id: app-token + uses: actions/create-github-app-token@v3 with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/dokka" + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + permission-contents: write + repositories: dokka + + - name: Get GitHub App User ID + id: get-user-id + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} - name: Checkout uses: actions/checkout@v6 with: - path: "src" + path: src - name: Checkout dokka uses: actions/checkout@v6 with: - repository: "recloudstream/dokka" - path: "dokka" - token: ${{ steps.generate_token.outputs.token }} + repository: ${{ github.repository_owner }}/dokka + token: ${{ steps.app-token.outputs.token }} + path: dokka - name: Clean old builds run: | @@ -67,8 +75,8 @@ jobs: run: | cd $GITHUB_WORKSPACE/dokka touch .nojekyll - git config --local user.email "111277985+recloudstream[bot]@users.noreply.github.com" - git config --local user.name "recloudstream[bot]" + git config --local user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com' + git config --local user.name '${{ steps.app-token.outputs.app-slug }}[bot]' git add . - git commit --amend -m "Generate dokka for recloudstream/cloudstream@${GITHUB_SHA}" || exit 0 # do not error if nothing to commit + git commit -m "Generate dokka for ${GITHUB_REPOSITORY}@${GITHUB_SHA}" || exit 0 # do not error if nothing to commit git push --force diff --git a/.github/workflows/issue_action.yml b/.github/workflows/issue_action.yml index e354d657d50..13d1950bcb3 100644 --- a/.github/workflows/issue_action.yml +++ b/.github/workflows/issue_action.yml @@ -13,17 +13,19 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 + id: app-token + uses: actions/create-github-app-token@v3 with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + permission-contents: read + permission-issues: write - name: Similarity analysis id: similarity uses: actions-cool/issues-similarity-analysis@v1 with: - token: ${{ steps.generate_token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} filter-threshold: 0.60 title-excludes: '' comment-title: | @@ -35,7 +37,7 @@ jobs: if: steps.similarity.outputs.similar-issues-found =='true' uses: actions/github-script@v9 with: - github-token: ${{ steps.generate_token.outputs.token }} + github-token: ${{ steps.app-token.outputs.token }} script: | github.rest.issues.addLabels({ issue_number: context.issue.number, @@ -49,7 +51,7 @@ jobs: - name: Automatically close issues that dont follow the issue template uses: lucasbento/auto-close-issues@v1.0.2 with: - github-token: ${{ steps.generate_token.outputs.token }} + github-token: ${{ steps.app-token.outputs.token }} issue-close-message: | @${issue.user.login}: hello! :wave: This issue is being automatically closed because it does not follow the issue template." @@ -70,7 +72,7 @@ jobs: uses: actions-cool/issues-helper@v3 with: actions: 'create-comment' - token: ${{ steps.generate_token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} body: | Hello ${{ github.event.issue.user.login }}. Please do not report any provider bugs here. This repository does not contain any providers. Please find the appropriate repository and report your issue there or join the [discord](https://discord.gg/5Hus6fM). @@ -81,7 +83,7 @@ jobs: if: steps.provider_check.outputs.name != 'none' uses: actions/github-script@v9 with: - github-token: ${{ steps.generate_token.outputs.token }} + github-token: ${{ steps.app-token.outputs.token }} script: | github.rest.issues.addLabels({ issue_number: context.issue.number, @@ -94,5 +96,5 @@ jobs: uses: actions-cool/emoji-helper@v1.0.0 with: type: 'issue' - token: ${{ steps.generate_token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} emoji: 'eyes' diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index d9a20a04b2b..d023af13a71 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -20,12 +20,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 + id: app-token + uses: actions/create-github-app-token@v3 with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/secrets" + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + permission-contents: read + repositories: secrets - uses: actions/checkout@v6 @@ -43,8 +45,8 @@ jobs: run: | TMP_KEYSTORE_FILE_PATH="${RUNNER_TEMP}"/keystore mkdir -p "${TMP_KEYSTORE_FILE_PATH}" - curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore.jks" - curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore_password.txt" + curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/${GITHUB_REPOSITORY_OWNER}/secrets/HEAD/keystore.jks" + curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/${GITHUB_REPOSITORY_OWNER}/secrets/HEAD/keystore_password.txt" KEY_PWD="$(cat keystore_password.txt)" echo "::add-mask::${KEY_PWD}" echo "key_pwd=$KEY_PWD" >> $GITHUB_OUTPUT diff --git a/.github/workflows/update_locales.yml b/.github/workflows/update_locales.yml index 0a538d5d4da..58a7234b193 100644 --- a/.github/workflows/update_locales.yml +++ b/.github/workflows/update_locales.yml @@ -19,16 +19,22 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 + id: app-token + uses: actions/create-github-app-token@v3 with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/cloudstream" + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + permission-contents: write + + - name: Get GitHub App User ID + id: get-user-id + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} - uses: actions/checkout@v6 with: - token: ${{ steps.generate_token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} - name: Install dependencies run: pip3 install lxml requests @@ -38,8 +44,8 @@ jobs: - name: Commit to the repo run: | - git config --local user.email "111277985+recloudstream[bot]@users.noreply.github.com" - git config --local user.name "recloudstream[bot]" + git config --local user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com' + git config --local user.name '${{ steps.app-token.outputs.app-slug }}[bot]' git add . # "echo" returns true so the build succeeds, even if no changed files git commit -m 'chore(locales): fix locale issues' || echo