
Commit a45b545

authored
ci: Updated deployment to use a GitHub App instead of a PAT. (#68)
1 parent 1c4b862 commit a45b545


1 file changed

+17
-8
lines changed


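--- a/.github/workflows/deploy-to-staging.yml
+++ b/.github/workflows/deploy-to-staging.yml
@@ -8,21 +8,22 @@ on:
 jobs:
 ci:
 uses: ./.github/workflows/ci.yml
+
 deploy:
 name: Deploy to Staging
 environment: staging
 runs-on: ubuntu-latest
 env:
 ECR_REPOSITORY: work-requirements-self-advocacy-tool-staging-web
 IMAGE_TAG: ${{ github.sha }}
-BUNDLE_GITHUB__COM: ${{ secrets.DEPLOY_PAT }}
+INFRA_REPO: work-requirements-self-advocacy-tool-infra
 
 steps:
 - name: Check out code
 uses: actions/checkout@v6
 
 - name: Configure AWS credentials
-uses: aws-actions/configure-aws-credentials@v4
+uses: aws-actions/configure-aws-credentials@v5
 with:
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -45,13 +46,21 @@ jobs:
 --name /work-requirements-self-advocacy-tool/staging/web/version \
 --value "$IMAGE_TAG" \
 --overwrite
+- name: Get a deployment token
+uses: actions/create-github-app-token@v2
+id: token
+with:
+app-id: ${{ secrets.DEPLOYMENT_APP_ID }}
+private-key: ${{ secrets.DEPLOYMENT_APP_KEY }}
+owner: codeforamerica
+repositories: ${{ env.INFRA_REPO }}
 - name: Trigger deployment from work requirements self advocacy infra
-uses: codex-/return-dispatch@v2
+uses: codex-/return-dispatch@v3
 id: dispatch
 with:
-token: ${{ secrets.DEPLOY_PAT }}
+token: ${{ steps.token.outputs.token }}
 ref: 'main'
-repo: work-requirements-self-advocacy-tool-infra
+repo: ${{ env.INFRA_REPO }}
 owner: codeforamerica
 workflow: 'deploy.yml'
 workflow_inputs: |
@@ -63,12 +72,12 @@ jobs:
 uses: lucasssvaz/wait-on-workflow@v1
 id: waiter
 with:
-github-token: ${{ secrets.DEPLOY_PAT }}
-repository: codeforamerica/work-requirements-self-advocacy-tool-infra
+github-token: ${{ steps.token.outputs.token }}
+repository: codeforamerica/${{ env.INFRA_REPO }}
 workflow: ${{ steps.dispatch.outputs.run_id }}
 - name: Fail unless the workflow succeeded
 if: ${{ steps.waiter.outputs.conclusion != 'success' }}
-uses: actions/github-script@v8
+uses: actions/github-script@v8
 with:
 script: |
 core.setFailed('Deployment workflow completed with stats: ${{ steps.waiter.outputs.conclusion }}')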
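Review bot: The new `Get a deployment token` step limits the installation token to one repository through `repositories`, but it sets no `permission-*` inputs, so the token inherits every permission the App installation holds on that repository. The token is then handed to two third-party actions referenced by mutable tags, `codex-/return-dispatch@v3` and `lucasssvaz/wait-on-workflow@v1` (the wait step's header lies outside the third hunk). Dispatching and polling a workflow run should need only Actions access, so adding `permission-actions: write` under the token step's `with:` would narrow the token to that; confirm it against the permissions the App is actually granted. Pinning those two `uses:` references to full commit SHAs would further ensure the code receiving the token cannot change under a moved tag.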
