From 1bdb47d69fc8494cc6ab0fef817f5deeec7f6d61 Mon Sep 17 00:00:00 2001 From: Luna712 <142361265+Luna712@users.noreply.github.com> Date: Tue, 23 Dec 2025 15:20:22 -0700 Subject: [PATCH 1/4] Migrate token generation to new action Note that `GH_APP_ID` needs moved from secrets to vars, see https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/use-variables#defining-configuration-variables-for-multiple-workflows --- .github/workflows/build_to_archive.yml | 27 +++++++++++--------------- .github/workflows/generate_dokka.yml | 13 +++++++------ .github/workflows/issue_action.yml | 20 +++++++++---------- .github/workflows/prerelease.yml | 14 ++++++------- .github/workflows/update_locales.yml | 12 ++++++------ 5 files changed, 41 insertions(+), 45 deletions(-) diff --git a/.github/workflows/build_to_archive.yml b/.github/workflows/build_to_archive.yml index 07096014afa..02f45de3eaa 100644 --- a/.github/workflows/build_to_archive.yml +++ b/.github/workflows/build_to_archive.yml @@ -18,20 +18,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 + id: app-token + uses: actions/create-github-app-token@v2 with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/secrets" - - - name: Generate access token (archive) - id: generate_archive_token - uses: tibdex/github-app-token@v2 - with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/cloudstream-archive" + app-id: ${{ vars.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_KEY }} + repositories: | + cloudstream-archive + secrets - uses: actions/checkout@v6 @@ -49,8 +43,8 @@ jobs: run: | TMP_KEYSTORE_FILE_PATH="${RUNNER_TEMP}"/keystore mkdir -p "${TMP_KEYSTORE_FILE_PATH}" - curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore.jks" - curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore_password.txt" + curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore.jks" + curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore_password.txt" KEY_PWD="$(cat keystore_password.txt)" echo "::add-mask::${KEY_PWD}" echo "key_pwd=$KEY_PWD" >> $GITHUB_OUTPUT @@ -72,8 +66,9 @@ jobs: - uses: actions/checkout@v6 with: repository: "recloudstream/cloudstream-archive" - token: ${{ steps.generate_archive_token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} path: "archive" + persist-credentials: false - name: Move build run: cp app/build/outputs/apk/prerelease/release/*.apk "archive/$(git rev-parse --short HEAD).apk" diff --git a/.github/workflows/generate_dokka.yml b/.github/workflows/generate_dokka.yml index e3dac385751..4ff6996227b 100644 --- a/.github/workflows/generate_dokka.yml +++ b/.github/workflows/generate_dokka.yml @@ -15,12 +15,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 + id: app-token + uses: actions/create-github-app-token@v2 with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/dokka" + app-id: ${{ vars.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_KEY }} + repositories: dokka - name: Checkout uses: actions/checkout@v6 @@ -31,8 +31,9 @@ jobs: uses: actions/checkout@v6 with: repository: "recloudstream/dokka" + token: ${{ steps.app-token.outputs.token }} path: "dokka" - token: ${{ steps.generate_token.outputs.token }} + persist-credentials: false - name: Clean old builds run: | diff --git a/.github/workflows/issue_action.yml b/.github/workflows/issue_action.yml index 4286e6b683e..5d7e8126716 100644 --- a/.github/workflows/issue_action.yml +++ b/.github/workflows/issue_action.yml @@ -9,17 +9,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 + id: app-token + uses: actions/create-github-app-token@v2 with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} + app-id: ${{ vars.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_KEY }} - name: Similarity analysis id: similarity uses: actions-cool/issues-similarity-analysis@v1 with: - token: ${{ steps.generate_token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} filter-threshold: 0.60 title-excludes: '' comment-title: | @@ -31,7 +31,7 @@ jobs: if: steps.similarity.outputs.similar-issues-found =='true' uses: actions/github-script@v8 with: - github-token: ${{ steps.generate_token.outputs.token }} + github-token: ${{ steps.app-token.outputs.token }} script: | github.rest.issues.addLabels({ issue_number: context.issue.number, @@ -45,7 +45,7 @@ jobs: - name: Automatically close issues that dont follow the issue template uses: lucasbento/auto-close-issues@v1.0.2 with: - github-token: ${{ steps.generate_token.outputs.token }} + github-token: ${{ steps.app-token.outputs.token }} issue-close-message: | @${issue.user.login}: hello! :wave: This issue is being automatically closed because it does not follow the issue template." @@ -66,7 +66,7 @@ jobs: uses: actions-cool/issues-helper@v3 with: actions: 'create-comment' - token: ${{ steps.generate_token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} body: | Hello ${{ github.event.issue.user.login }}. Please do not report any provider bugs here. This repository does not contain any providers. Please find the appropriate repository and report your issue there or join the [discord](https://discord.gg/5Hus6fM). @@ -77,7 +77,7 @@ jobs: if: steps.provider_check.outputs.name != 'none' uses: actions/github-script@v8 with: - github-token: ${{ steps.generate_token.outputs.token }} + github-token: ${{ steps.app-token.outputs.token }} script: | github.rest.issues.addLabels({ issue_number: context.issue.number, @@ -90,5 +90,5 @@ jobs: uses: actions-cool/emoji-helper@v1.0.0 with: type: 'issue' - token: ${{ steps.generate_token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} emoji: 'eyes' diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index c7dee13eb3f..995fe6632dc 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -17,12 +17,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 + id: app-token + uses: actions/create-github-app-token@v2 with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/secrets" + app-id: ${{ vars.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_KEY }} + repositories: secrets - uses: actions/checkout@v6 @@ -40,8 +40,8 @@ jobs: run: | TMP_KEYSTORE_FILE_PATH="${RUNNER_TEMP}"/keystore mkdir -p "${TMP_KEYSTORE_FILE_PATH}" - curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore.jks" - curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore_password.txt" + curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore.jks" + curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore_password.txt" KEY_PWD="$(cat keystore_password.txt)" echo "::add-mask::${KEY_PWD}" echo "key_pwd=$KEY_PWD" >> $GITHUB_OUTPUT diff --git a/.github/workflows/update_locales.yml b/.github/workflows/update_locales.yml index 5b170d540f7..04f10c0c6ae 100644 --- a/.github/workflows/update_locales.yml +++ b/.github/workflows/update_locales.yml @@ -16,16 +16,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 + id: app-token + uses: actions/create-github-app-token@v2 with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/cloudstream" + app-id: ${{ vars.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_KEY }} - uses: actions/checkout@v6 with: - token: ${{ steps.generate_token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} + persist-credentials: false - name: Install dependencies run: pip3 install lxml requests From 0f252a9a42a64aec568d097c116046723b4d82b3 Mon Sep 17 00:00:00 2001 From: Luna712 <142361265+Luna712@users.noreply.github.com> Date: Mon, 29 Dec 2025 11:11:45 -0700 Subject: [PATCH 2/4] Add owner where we set repositories --- .github/workflows/build_to_archive.yml | 5 +++-- .github/workflows/generate_dokka.yml | 7 ++++--- .github/workflows/prerelease.yml | 1 + 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build_to_archive.yml b/.github/workflows/build_to_archive.yml index 02f45de3eaa..ede8533b2aa 100644 --- a/.github/workflows/build_to_archive.yml +++ b/.github/workflows/build_to_archive.yml @@ -23,6 +23,7 @@ jobs: with: app-id: ${{ vars.GH_APP_ID }} private-key: ${{ secrets.GH_APP_KEY }} + owner: ${{ github.repository_owner }} repositories: | cloudstream-archive secrets @@ -65,9 +66,9 @@ jobs: - uses: actions/checkout@v6 with: - repository: "recloudstream/cloudstream-archive" + repository: recloudstream/cloudstream-archive token: ${{ steps.app-token.outputs.token }} - path: "archive" + path: archive persist-credentials: false - name: Move build diff --git a/.github/workflows/generate_dokka.yml b/.github/workflows/generate_dokka.yml index 4ff6996227b..cc353f2452b 100644 --- a/.github/workflows/generate_dokka.yml +++ b/.github/workflows/generate_dokka.yml @@ -20,19 +20,20 @@ jobs: with: app-id: ${{ vars.GH_APP_ID }} private-key: ${{ secrets.GH_APP_KEY }} + owner: ${{ github.repository_owner }} repositories: dokka - name: Checkout uses: actions/checkout@v6 with: - path: "src" + path: src - name: Checkout dokka uses: actions/checkout@v6 with: - repository: "recloudstream/dokka" + repository: recloudstream/dokka token: ${{ steps.app-token.outputs.token }} - path: "dokka" + path: dokka persist-credentials: false - name: Clean old builds diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 995fe6632dc..90145f04d45 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -22,6 +22,7 @@ jobs: with: app-id: ${{ vars.GH_APP_ID }} private-key: ${{ secrets.GH_APP_KEY }} + owner: ${{ github.repository_owner }} repositories: secrets - uses: actions/checkout@v6 From fd13790e596bba10b34295b6654ddae789a3179f Mon Sep 17 00:00:00 2001 From: Luna712 <142361265+Luna712@users.noreply.github.com> Date: Wed, 6 May 2026 11:05:12 -0600 Subject: [PATCH 3/4] Use v3 --- .github/workflows/build_to_archive.yml | 2 +- .github/workflows/generate_dokka.yml | 2 +- .github/workflows/issue_action.yml | 2 +- .github/workflows/prerelease.yml | 2 +- .github/workflows/update_locales.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build_to_archive.yml b/.github/workflows/build_to_archive.yml index fbdf75bc5d6..ce3faee3e9f 100644 --- a/.github/workflows/build_to_archive.yml +++ b/.github/workflows/build_to_archive.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Generate access token id: app-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: app-id: ${{ vars.GH_APP_ID }} private-key: ${{ secrets.GH_APP_KEY }} diff --git a/.github/workflows/generate_dokka.yml b/.github/workflows/generate_dokka.yml index 3b19ca54342..91367fd1fab 100644 --- a/.github/workflows/generate_dokka.yml +++ b/.github/workflows/generate_dokka.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Generate access token id: app-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: app-id: ${{ vars.GH_APP_ID }} private-key: ${{ secrets.GH_APP_KEY }} diff --git a/.github/workflows/issue_action.yml b/.github/workflows/issue_action.yml index 149107d9faa..2bd071b52e4 100644 --- a/.github/workflows/issue_action.yml +++ b/.github/workflows/issue_action.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Generate access token id: app-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: app-id: ${{ vars.GH_APP_ID }} private-key: ${{ secrets.GH_APP_KEY }} diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 67a635f1259..17c9c0d54f1 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Generate access token id: app-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: app-id: ${{ vars.GH_APP_ID }} private-key: ${{ secrets.GH_APP_KEY }} diff --git a/.github/workflows/update_locales.yml b/.github/workflows/update_locales.yml index 0c437ad1357..2d776709b1f 100644 --- a/.github/workflows/update_locales.yml +++ b/.github/workflows/update_locales.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Generate access token id: app-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: app-id: ${{ vars.GH_APP_ID }} private-key: ${{ secrets.GH_APP_KEY }} From 56e7a6de55b5216ddd6f8d08bd8da8e477981e43 Mon Sep 17 00:00:00 2001 From: Luna712 <142361265+Luna712@users.noreply.github.com> Date: Wed, 6 May 2026 14:05:43 -0600 Subject: [PATCH 4/4] Use client-id, fixes, and make actions more generic for forks --- .github/workflows/build_to_archive.yml | 24 +++++++++++++++--------- .github/workflows/generate_dokka.yml | 20 +++++++++++++------- .github/workflows/issue_action.yml | 6 ++++-- .github/workflows/prerelease.yml | 9 +++++---- .github/workflows/update_locales.yml | 16 +++++++++++----- 5 files changed, 48 insertions(+), 27 deletions(-) diff --git a/.github/workflows/build_to_archive.yml b/.github/workflows/build_to_archive.yml index ce3faee3e9f..76d84a4af86 100644 --- a/.github/workflows/build_to_archive.yml +++ b/.github/workflows/build_to_archive.yml @@ -24,13 +24,20 @@ jobs: id: app-token uses: actions/create-github-app-token@v3 with: - app-id: ${{ vars.GH_APP_ID }} - private-key: ${{ secrets.GH_APP_KEY }} + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} owner: ${{ github.repository_owner }} + permission-contents: write repositories: | cloudstream-archive secrets + - name: Get GitHub App User ID + id: get-user-id + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + - uses: actions/checkout@v6 - name: Set up JDK 17 @@ -47,8 +54,8 @@ jobs: run: | TMP_KEYSTORE_FILE_PATH="${RUNNER_TEMP}"/keystore mkdir -p "${TMP_KEYSTORE_FILE_PATH}" - curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore.jks" - curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore_password.txt" + curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/${GITHUB_REPOSITORY_OWNER}/secrets/HEAD/keystore.jks" + curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/${GITHUB_REPOSITORY_OWNER}/secrets/HEAD/keystore_password.txt" KEY_PWD="$(cat keystore_password.txt)" echo "::add-mask::${KEY_PWD}" echo "key_pwd=$KEY_PWD" >> $GITHUB_OUTPUT @@ -70,10 +77,9 @@ jobs: - uses: actions/checkout@v6 with: - repository: recloudstream/cloudstream-archive + repository: ${{ github.repository_owner }}/cloudstream-archive token: ${{ steps.app-token.outputs.token }} path: archive - persist-credentials: false - name: Move build run: cp app/build/outputs/apk/prerelease/release/*.apk "archive/$(git rev-parse --short HEAD).apk" @@ -81,8 +87,8 @@ jobs: - name: Push archive run: | cd $GITHUB_WORKSPACE/archive - git config --local user.email "actions@github.com" - git config --local user.name "GitHub Actions" + git config --local user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com' + git config --local user.name '${{ steps.app-token.outputs.app-slug }}[bot]' git add . - git commit --amend -m "Build $GITHUB_SHA" || exit 0 # do not error if nothing to commit + git commit -m "Build $GITHUB_SHA" || exit 0 # do not error if nothing to commit git push --force diff --git a/.github/workflows/generate_dokka.yml b/.github/workflows/generate_dokka.yml index 91367fd1fab..a3003df0606 100644 --- a/.github/workflows/generate_dokka.yml +++ b/.github/workflows/generate_dokka.yml @@ -21,11 +21,18 @@ jobs: id: app-token uses: actions/create-github-app-token@v3 with: - app-id: ${{ vars.GH_APP_ID }} - private-key: ${{ secrets.GH_APP_KEY }} + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} owner: ${{ github.repository_owner }} + permission-contents: write repositories: dokka + - name: Get GitHub App User ID + id: get-user-id + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + - name: Checkout uses: actions/checkout@v6 with: @@ -34,10 +41,9 @@ jobs: - name: Checkout dokka uses: actions/checkout@v6 with: - repository: recloudstream/dokka + repository: ${{ github.repository_owner }}/dokka token: ${{ steps.app-token.outputs.token }} path: dokka - persist-credentials: false - name: Clean old builds run: | @@ -69,8 +75,8 @@ jobs: run: | cd $GITHUB_WORKSPACE/dokka touch .nojekyll - git config --local user.email "111277985+recloudstream[bot]@users.noreply.github.com" - git config --local user.name "recloudstream[bot]" + git config --local user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com' + git config --local user.name '${{ steps.app-token.outputs.app-slug }}[bot]' git add . - git commit --amend -m "Generate dokka for recloudstream/cloudstream@${GITHUB_SHA}" || exit 0 # do not error if nothing to commit + git commit -m "Generate dokka for ${GITHUB_REPOSITORY}@${GITHUB_SHA}" || exit 0 # do not error if nothing to commit git push --force diff --git a/.github/workflows/issue_action.yml b/.github/workflows/issue_action.yml index 2bd071b52e4..13d1950bcb3 100644 --- a/.github/workflows/issue_action.yml +++ b/.github/workflows/issue_action.yml @@ -16,8 +16,10 @@ jobs: id: app-token uses: actions/create-github-app-token@v3 with: - app-id: ${{ vars.GH_APP_ID }} - private-key: ${{ secrets.GH_APP_KEY }} + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + permission-contents: read + permission-issues: write - name: Similarity analysis id: similarity diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 17c9c0d54f1..d023af13a71 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -23,9 +23,10 @@ jobs: id: app-token uses: actions/create-github-app-token@v3 with: - app-id: ${{ vars.GH_APP_ID }} - private-key: ${{ secrets.GH_APP_KEY }} + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} owner: ${{ github.repository_owner }} + permission-contents: read repositories: secrets - uses: actions/checkout@v6 @@ -44,8 +45,8 @@ jobs: run: | TMP_KEYSTORE_FILE_PATH="${RUNNER_TEMP}"/keystore mkdir -p "${TMP_KEYSTORE_FILE_PATH}" - curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore.jks" - curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore_password.txt" + curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/${GITHUB_REPOSITORY_OWNER}/secrets/HEAD/keystore.jks" + curl -H "Authorization: token ${{ steps.app-token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/${GITHUB_REPOSITORY_OWNER}/secrets/HEAD/keystore_password.txt" KEY_PWD="$(cat keystore_password.txt)" echo "::add-mask::${KEY_PWD}" echo "key_pwd=$KEY_PWD" >> $GITHUB_OUTPUT diff --git a/.github/workflows/update_locales.yml b/.github/workflows/update_locales.yml index 2d776709b1f..58a7234b193 100644 --- a/.github/workflows/update_locales.yml +++ b/.github/workflows/update_locales.yml @@ -22,13 +22,19 @@ jobs: id: app-token uses: actions/create-github-app-token@v3 with: - app-id: ${{ vars.GH_APP_ID }} - private-key: ${{ secrets.GH_APP_KEY }} + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + permission-contents: write + + - name: Get GitHub App User ID + id: get-user-id + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} - uses: actions/checkout@v6 with: token: ${{ steps.app-token.outputs.token }} - persist-credentials: false - name: Install dependencies run: pip3 install lxml requests @@ -38,8 +44,8 @@ jobs: - name: Commit to the repo run: | - git config --local user.email "111277985+recloudstream[bot]@users.noreply.github.com" - git config --local user.name "recloudstream[bot]" + git config --local user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com' + git config --local user.name '${{ steps.app-token.outputs.app-slug }}[bot]' git add . # "echo" returns true so the build succeeds, even if no changed files git commit -m 'chore(locales): fix locale issues' || echo