This repository was archived by the owner on Jan 20, 2026. It is now read-only.

ci(secrets): Use GH App instead of PAT CU-86c5y4a84 (#1) #11

	name: deploy-argo-production

	on:
	push:
	branches:
	- main

	permissions:
	contents: write
	id-token: write
	packages: read

	jobs:
	build-docker-image:
	uses: ./.github/workflows/build.yaml
	name: Build Docker image
	with:
	aws-role-arn: ${{ vars.PRODUCTION_ECR_ROLE_ARN }}
	docker_file_path: Dockerfile

	update-helm-values:
	name: Update Helm values
	runs-on: ubuntu-latest
	needs: build-docker-image
	env:
	ENVIRONMENT: 'production'
	REPOSITORY: ${{ github.event.repository.name }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	- name: Generate token
	id: generate-token
	uses: actions/create-github-app-token@v2
	with:
	app-id: ${{ vars.KITTL_CI_APP_ID }}
	private-key: ${{ secrets.KITTL_CI_APP_PRIVATE_KEY }}
	owner: ${{ github.repository_owner }}
	repositories: \|
	development-applications-config
	- name: Checkout helm config Repository
	uses: actions/checkout@v4
	with:
	repository: Kittl/development-applications-config
	ref: main
	path: helm-config
	token: ${{ steps.generate-token.outputs.token }}
	persist-credentials: false
	- name: Update Image Version in the related HelmChart values.yaml
	uses: fjogeleit/yaml-update-action@v0.14.0
	with:
	valueFile: ${{ format('{0}/{1}/values.yaml', env.ENVIRONMENT, env.REPOSITORY) }}
	propertyPath: 'deployment.image.tag'
	value: ${{ needs.build-docker-image.outputs.image-tag }}
	repository: Kittl/development-applications-config
	branch: main
	createPR: false
	message: 'Update Image Version to ${{ needs.build-docker-image.outputs.image-tag }}'
	token: ${{ steps.generate-token.outputs.token }}
	workDir: helm-config

Provide feedback