diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index de2f4a5..1bb0043 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -135,8 +135,18 @@ jobs: path: intentproof-spec/conformance-certificate.json if-no-files-found: error + - name: Mint cert-bot installation token + id: cert_bot_token + if: ${{ github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'master') && github.actor != 'github-actions[bot]' }} + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.INTENTPROOF_CERT_BOT_ID }} + private-key: ${{ secrets.INTENTPROOF_CERT_BOT_PRIVATE_KEY }} + - name: Publish conformance certificate and report at repo root if: ${{ github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'master') && github.actor != 'github-actions[bot]' }} + env: + INTENTPROOF_CERT_BOT_TOKEN: ${{ steps.cert_bot_token.outputs.token }} run: | set -euo pipefail cp intentproof-spec/conformance-certificate.json conformance-certificate.json @@ -145,14 +155,12 @@ jobs: echo "No conformance artifact updates to commit." exit 0 fi - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config user.name "intentproof-cert-bot[bot]" + git config user.email "intentproof-cert-bot[bot]@users.noreply.github.com" + git remote set-url origin "https://x-access-token:${INTENTPROOF_CERT_BOT_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" git add conformance-certificate.json conformance-report.json git commit -m "chore(ci): update conformance certificate and report" - if ! git push; then - echo "::warning::Unable to push conformance artifacts from this workflow context; leaving check green and relying on artifact uploads." - exit 0 - fi + git push spec-golden-parity: runs-on: ubuntu-latest