Merged
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -39,6 +39,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- SECURITY.md with security policy
- Pre-commit hooks configuration

### Changed
- **deploy** and **cleanup** actions: `github-token` now defaults to `github.token`
- No longer necessary to explicitly pass `github-token: ${{ secrets.GITHUB_TOKEN }}`
- Only needed when using a custom PAT for cross-repository operations

### Fixed
- ShellCheck warnings: properly quoted GITHUB_OUTPUT
- Actionlint configuration to only lint workflow files
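Review bot: the new "### Changed" entry leaves out the behaviour change that comes with the default. Steps that were skipped while `github-token` was empty (`comment-on-pr`, `update-pr-comment`, `delete-github-deployments`) now run with the automatic token, so the calling job must grant the matching `permissions:` itself. Add a bullet that says this and names the permissions, so callers scope the automatic token deliberately instead of finding out from a failed step.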
5 changes: 1 addition & 4 deletions cleanup/README.md
Expand Up @@ -15,7 +15,7 @@ Removes a ZAD deployment and optionally cleans up associated GitHub resources (e
| `container-org` | No | `''` | Organization owning the container (for image deletion) |
| `container-name` | No | `''` | Container package name (for image deletion) |
| `container-tag` | No | `''` | Container tag to delete (for image deletion) |
| `github-token` | No | `''` | GitHub token for deployment and container deletion (`deployments: write`, `packages: delete`) |
| `github-token` | No | `github.token` | GitHub token for deployments/containers/PR (defaults to automatic token) |
| `github-admin-token` | No | `''` | GitHub token for environment deletion (needs repo admin permission) |
| `api-base-url` | No | `https://operations-manager.rig.prd1.gn2.quattro.rijksapps.nl/api` | ZAD Operations Manager API base URL |
| `update-pr-comment` | No | `false` | Update the deploy PR comment to show cleanup status |
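Review bot: the rewritten `github-token` row drops the permission list (`deployments: write`, `packages: delete`) that the previous description carried. With the token now implicit, the job's `permissions:` block is the only place a caller controls what the action can do, so the row should keep the required permissions next to "defaults to automatic token", and add the one needed for the PR comment.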
Expand Down Expand Up @@ -59,7 +59,6 @@ Removes a ZAD deployment and optionally cleans up associated GitHub resources (e
container-org: minbzk
container-name: regelrecht-mvp
container-tag: pr-${{ github.event.number }}
github-token: ${{ secrets.GITHUB_TOKEN }}
github-admin-token: ${{ secrets.GITHUB_ADMIN_TOKEN }}
```

Expand All @@ -86,7 +85,6 @@ cleanup-preview:
container-org: ${{ github.repository_owner }}
container-name: ${{ github.event.repository.name }}
container-tag: pr-${{ github.event.number }}
github-token: ${{ secrets.GITHUB_TOKEN }}
github-admin-token: ${{ secrets.GITHUB_ADMIN_TOKEN }}
update-pr-comment: true
```
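Review bot: in the `cleanup-preview` example, `update-pr-comment: true` now depends on the automatic token, but the lines shown here do not say which permissions the job needs. If the full example has no `permissions:` block, add one listing only what cleanup uses, so a copied example works and does not rely on the repository's default token permissions.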
Expand Down Expand Up @@ -195,7 +193,6 @@ Check cleanup results and take action:
container-org: ${{ github.repository_owner }}
container-name: my-app
container-tag: pr-${{ github.event.number }}
github-token: ${{ secrets.GITHUB_TOKEN }}
github-admin-token: ${{ secrets.GITHUB_ADMIN_TOKEN }}

- name: Report cleanup results
8 changes: 4 additions & 4 deletions cleanup/action.yml
Expand Up @@ -42,9 +42,9 @@ inputs:
required: false
default: ''
github-token:
description: 'GitHub token for deployment deletion (needs deployments:write permission)'
description: 'GitHub token for deployment/PR operations (defaults to automatic token)'
required: false
default: ''
default: ${{ github.token }}
github-admin-token:
description: 'GitHub token for environment deletion (needs repo admin permission, typically GITHUB_ADMIN_TOKEN secret)'
required: false
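Review bot: the new `github-token` description says "deployment/PR operations", while cleanup/README.md describes the same input as covering "deployments/containers/PR". Align the two, and keep the permission hint that the old description had ("needs deployments:write permission"), extended to the other operations, since this text is what callers see when they read the action's inputs.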
Expand Down Expand Up @@ -138,7 +138,7 @@ runs:

- name: Delete GitHub Deployments
id: delete-github-deployments
if: inputs.delete-github-deployments == 'true' && inputs.github-token != ''
if: inputs.delete-github-deployments == 'true'
shell: bash
env:
GH_TOKEN: ${{ inputs.github-token }}
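Review bot: in the `if:` of "Delete GitHub Deployments", dropping `inputs.github-token != ''` removes the only guard against an empty `GH_TOKEN`. A caller who still passes `github-token` from a secret that is unset would reach this step with an empty token if the explicit empty value wins over the default, and the step would then fail instead of being skipped. Worth confirming that case, and either keeping the guard or failing early with a clear message at the top of the script.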
Expand Down Expand Up @@ -275,7 +275,7 @@ runs:

- name: Update PR Comment
id: update-pr-comment
if: inputs.update-pr-comment == 'true' && inputs.github-token != '' && github.event_name == 'pull_request'
if: inputs.update-pr-comment == 'true' && github.event_name == 'pull_request'
shell: bash
env:
GH_TOKEN: ${{ inputs.github-token }}
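Review bot: in the `if:` of "Update PR Comment", removing the token check means this step now runs for every caller with `update-pr-comment: true` on a `pull_request` event, including callers who never granted `pull-requests: write` and previously got a silent skip. Since the comment update is cosmetic compared with the cleanup itself, consider making a permission error here non-fatal, or state the required permission in the input description.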
5 changes: 2 additions & 3 deletions deploy/README.md
Expand Up @@ -15,7 +15,7 @@ Deploys a container image to ZAD Operations Manager.
| `force-clone` | No | `false` | Force clone even if deployment already exists |
| `api-base-url` | No | `https://operations-manager.rig.prd1.gn2.quattro.rijksapps.nl/api` | ZAD Operations Manager API base URL |
| `comment-on-pr` | No | `false` | Post/update a comment on the PR with the deployment URL |
| `github-token` | No | `''` | GitHub token for PR commenting (needs `pull-requests: write`) |
| `github-token` | No | `github.token` | GitHub token for PR commenting (defaults to automatic token) |
| `comment-header` | No | `## 🚀 Preview Deployment` | Custom header for the PR comment |

## Outputs
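Review bot: the new `github-token` row no longer mentions `pull-requests: write`. The permissions table further down still lists it, but the inputs table is where most readers stop; suggest "GitHub token for PR commenting (defaults to automatic token, needs `pull-requests: write`)".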
Expand Down Expand Up @@ -79,7 +79,6 @@ deploy-preview:
image: ghcr.io/org/app:pr-${{ github.event.number }}
clone-from: production
comment-on-pr: true
github-token: ${{ secrets.GITHUB_TOKEN }}
```

The action will create a comment like this on the PR:
Expand Down Expand Up @@ -121,7 +120,7 @@ deploy:
| Basic deployment | None (only ZAD API key) |
| PR commenting | `pull-requests: write` |

For PR commenting, pass `github-token: ${{ secrets.GITHUB_TOKEN }}` and ensure your job has the required permission:
For PR commenting, ensure your job has the required permission (the token defaults to `github.token`):

```yaml
permissions:
8 changes: 4 additions & 4 deletions deploy/action.yml
Expand Up @@ -36,13 +36,13 @@ inputs:
required: false
default: 'https://operations-manager.rig.prd1.gn2.quattro.rijksapps.nl/api'
comment-on-pr:
description: 'Post/update a comment on the PR with the deployment URL (requires github-token)'
description: 'Post/update a comment on the PR with the deployment URL'
required: false
default: 'false'
github-token:
description: 'GitHub token for PR commenting (needs pull-requests: write permission)'
description: 'GitHub token for PR commenting (defaults to automatic token)'
required: false
default: ''
default: ${{ github.token }}
comment-header:
description: 'Custom header for the PR comment (default: "## 🚀 Preview Deployment")'
required: false
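Review bot: both descriptions in this hunk lose their requirement text: `comment-on-pr` drops "(requires github-token)" and `github-token` drops "needs pull-requests: write permission". The first is now correct to remove, but the permission is still required for the default token to post a comment, so keep it in the `github-token` description alongside "defaults to automatic token".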
Expand Down Expand Up @@ -182,7 +182,7 @@ runs:
fi

- name: Comment on PR
if: inputs.comment-on-pr == 'true' && inputs.github-token != '' && github.event_name == 'pull_request'
if: inputs.comment-on-pr == 'true' && github.event_name == 'pull_request'
shell: bash
env:
GH_TOKEN: ${{ inputs.github-token }}
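Review bot: the "Comment on PR" condition now only checks `comment-on-pr` and `github.event_name == 'pull_request'`, so the step runs with the automatic token on every pull request, including those from forks, where that token is normally read-only and the comment call will be rejected. Previously a caller could avoid this by leaving the token empty. Consider adding `github.event.pull_request.head.repo.full_name == github.repository` to the `if:`, or treating a failed comment as a warning so the deployment itself still succeeds.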