Use GitHub App client ID for project sync token #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: add-to-project | |
| # Auto-adds every new issue / PR to the FastLED Tracker project (#1). | |
| # | |
| # Auth: GitHub App "FastLED Project Sync" — scoped to Projects: read/write + | |
| # Contents/Issues/Pull requests: read. No expiration (App installation tokens | |
| # auto-rotate). The App ID lives in a repo variable; the private key lives in | |
| # a repo secret. | |
| # | |
| # Required configuration (already set on all 6 feeder repos): | |
| # vars.PROJECT_APP_CLIENT_ID = Iv23liL4dLxjYFwTNWKt | |
| # vars.PROJECT_OWNER = FastLED | |
| # vars.PROJECT_NUMBER = 1 | |
| # secrets.PROJECT_APP_PRIVATE_KEY = <PEM contents> | |
| # | |
| # To rotate the App's private key: | |
| # 1. On https://github.com/organizations/FastLED/settings/apps generate new key | |
| # 2. For each repo: gh secret set PROJECT_APP_PRIVATE_KEY --repo FastLED/<repo> < new.pem | |
| # 3. Revoke the old key in the App settings | |
| on: | |
| issues: | |
| types: [opened] | |
| pull_request_target: | |
| types: [opened] | |
| permissions: | |
| contents: read | |
| jobs: | |
| add: | |
| runs-on: ubuntu-latest | |
| if: ${{ vars.PROJECT_APP_CLIENT_ID != '' && vars.PROJECT_OWNER != '' }} | |
| steps: | |
| - name: Generate App token | |
| id: app-token | |
| uses: actions/create-github-app-token@v3 | |
| with: | |
| client-id: ${{ vars.PROJECT_APP_CLIENT_ID }} | |
| private-key: ${{ secrets.PROJECT_APP_PRIVATE_KEY }} | |
| owner: ${{ vars.PROJECT_OWNER }} | |
| - name: Add to project | |
| uses: actions/add-to-project@v1.0.2 | |
| with: | |
| project-url: https://github.com/orgs/${{ vars.PROJECT_OWNER }}/projects/${{ vars.PROJECT_NUMBER }} | |
| github-token: ${{ steps.app-token.outputs.token }} |