feat(gh-actions): 🚀 Tentative change generate token as composite

gbm25 · gbm25 · commit bcacc28febe8 · 2025-01-30T16:03:14.000+01:00
diff --git a/.github/actions/generate-token.yml b/.github/actions/generate-token.yml
@@ -0,0 +1,17 @@
+name: 'Generate GitHub App Token'
+description: 'Generates a GitHub App token'
+outputs:
+  token:
+    description: 'Generated GitHub App Token'
+    value: ${{ steps.generate-zdc-token.outputs.token }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Generate GitHub App Token
+      uses: actions/create-github-app-token@v1
+      id: generate-zdc-token
+      with:
+        app-id: ${{ vars.ZDC_AUTH_APP_ID }}
+        private-key: ${{ secrets.ZDC_AUTH_PRIVATE_KEY }}
+        owner: ${{ github.repository_owner }}
diff --git a/.github/workflows/deploy-chatbot.yml b/.github/workflows/deploy-chatbot.yml
@@ -32,29 +32,21 @@ jobs:
           echo "Project: ${{ steps.parse-deploy-command.outputs.project }}"
           echo "Infra: ${{ steps.parse-deploy-command.outputs.infra }}"
 
-  generate-token:
-    needs: parse-command
-    uses: zerodaycode/app-summoners-sync/.github/workflows/generate-token.yml@develop
-    secrets: inherit
-
   notify-user:
-    needs: [parse-command, generate-token]
+    needs: [parse-command]
     uses: zerodaycode/app-summoners-sync/.github/workflows/notify-user.yml@develop
     with:
       environment: ${{ needs.parse-command.outputs.environment }}
       project: ${{ needs.parse-command.outputs.project }}
       infra: ${{ needs.parse-command.outputs.artifact }}
 
   deploy-project:
-    needs: [parse-command, generate-token, notify-user]
+    needs: [parse-command, notify-user]
     if: needs.parse-command.outputs.project != ''
     uses: zerodaycode/app-summoners-sync/.github/workflows/deploy-project.yml@develop
     with:
       project: ${{ needs.parse-command.outputs.project }}
       environment: ${{ needs.parse-command.outputs.environment }}
-    secrets: 
-      ZDC_TOKEN: ${{ needs.generate-token.outputs.ZDC_TOKEN }}
-      PASSPHRASE_ACTION_TOKEN: ${{ secrets.PASSPHRASE_ACTION_TOKEN }}
 
   deploy-infra:
     needs: [parse-command, notify-user]
diff --git a/.github/workflows/deploy-project.yml b/.github/workflows/deploy-project.yml
@@ -9,28 +9,20 @@ on:
       environment:
         required: true
         type: string
-    secrets:
-      ZDC_TOKEN:
-        required: true
-      PASSPHRASE_ACTION_TOKEN:
-        required: true
+
 
 jobs:
   deploy_project_artifact:
     runs-on: ubuntu-latest
     steps:
-      - name: Decrypt ZDC Token
-        id: decrypt-token
-        run: |
-          ENCRYPTED_TOKEN="${{ secrets.ZDC_TOKEN }}"
-          DECRYPTED_TOKEN=$(echo "$ENCRYPTED_TOKEN" | base64 -d | gpg --decrypt --quiet --batch --passphrase "${{ secrets.PASSPHRASE_ACTION_TOKEN }}")
-          echo "ZDCTOKEN=$DECRYPTED_TOKEN" >> $GITHUB_ENV
-          echo "::add-mask::$DECRYPTED_TOKEN"
+      - name: Generate Token
+        id: generate-token
+        uses: zerodaycode/app-summoners-sync/.github/actions/generate-token.yml@develop
       
       - name: Trigger Deployment Workflow
         uses: actions/github-script@v7
         with:
-          github-token: ${{ env.ZDCTOKEN }}
+          github-token: ${{ steps.generate-token.outputs.token }}
           script: |
             const environment = `"${{ inputs.environment }}"`;
             const project     = `"${{ inputs.project }}"`;
diff --git a/.github/workflows/generate-token.yml b/.github/workflows/generate-token.yml
