diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index cfd479e..e1347b5 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,8 +1,6 @@ name: Build and Test on: push: - branches-ignore: - - main jobs: test: runs-on: ubuntu-latest diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 2b1a306..265ca62 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -5,7 +5,7 @@ on: jobs: increment-version: permissions: - contents: write + id-token: write runs-on: ubuntu-latest steps: - name: Checkout @@ -18,10 +18,23 @@ jobs: node-version: '18.x' cache: 'npm' registry-url: 'https://registry.npmjs.org' + - name: Get GH Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ vars.GH_RELEASE_APP_ID }} + private-key: ${{ secrets.GH_RELEASE_APP_PRIVATE_KEY }} - name: Increment version + uses: chainguard-dev/actions/setup-gitsign@main + shell: bash + env: + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} run: | - git config user.name github-actions - git config user.email github-actions@github.com +# Temporarily commenting out setting the git user.name and user.email to try the gitsign action which set these for signing commits. +# https://www.chainguard.dev/unchained/keyless-git-commit-signing-with-gitsign-and-github-actions - not recommended for private repos +# git config user.name "datadogclientjsrepopush[bot]" +# git config user.email "161316041+datadogclientjsrepopush[bot]@users.noreply.github.com" + git remote set-url origin https://x-access-token/:${{ steps.app-token.outputs.token }}@github.com/${{ github.repository }} npm version ${{ github.event.release.tag_name }} -m "[ci skip] v%s" git tag -af ${{ github.event.release.tag_name }} -m "[ci skip] v%s" git push