@@ -106,27 +106,27 @@ jobs:
106106 runs-on : ubuntu-latest
107107 name : Semantic release
108108 steps :
109- - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
109+ - uses : actions/create-github-app-token@v2
110+ id : app-token
111+ with :
112+ app-id : ${{ secrets.ECOSPARK_APP_ID }}
113+ private-key : ${{ secrets.ECOSPARK_APP_PRIVATE_KEY }}
114+ - uses : actions/checkout@v4
110115 with :
111116 # Need to fetch entire commit history to
112117 # analyze every commit since last release
113118 fetch-depth : 0
114- - uses : actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
119+ # Uses generated token to allow pushing commits back
120+ token : ${{ steps.app-token.outputs.token }}
121+ # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
122+ persist-credentials : false
123+ - uses : actions/setup-node@v4
115124 with :
116125 cache : npm
117126 node-version : lts/*
118127 - run : npm ci
119128 # Branches that will release new versions are defined in .releaserc.json
120129 - run : npx semantic-release
121- # Don't allow interrupting the release step if the job is cancelled, as it can lead to an inconsistent state
122- # e.g. git tags were pushed but it exited before `npm publish`
123- if : always()
124- env :
125- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
126- NPM_TOKEN : ${{ secrets.NPM_PUBLISH_TOKEN }}
127- # Re-run semantic release with rich logs if it failed to publish for easier debugging
128- - run : npx semantic-release --dry-run --debug
129- if : failure()
130130 env :
131- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
131+ GITHUB_TOKEN : ${{ steps.app-token.outputs.token }}
132132 NPM_TOKEN : ${{ secrets.NPM_PUBLISH_TOKEN }}
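Review bot: The three `uses:` lines on the new side reference mutable tags (`actions/create-github-app-token@v2`, `actions/checkout@v4`, `actions/setup-node@v4`), while the removed lines pinned checkout and setup-node to full commit SHAs. This job reads `ECOSPARK_APP_PRIVATE_KEY` and `NPM_PUBLISH_TOKEN`, so a re-pointed tag on any of these actions would run with access to the release credentials. I would keep the existing pins, `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4` and `actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4`, and pin the new action the same way, `actions/create-github-app-token@<full-commit-sha> # v2`, with the SHA taken from the upstream release. The job definition starts above this hunk, so any `permissions:` block it may carry is not visible here.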