A GitHub App to save or update it's installation token into the secrets of current repo, then we can use the token to replace `secrets.GITHUB_TOKEN` in our workflows.
The app's installation token can be used to impersonate a GitHub App when secrets.GITHUB_TOKEN's limitations are too restrictive and a personal access token is not suitable. secrets.GITHUB_TOKEN has limitations such as not being able to triggering a new workflow from another workflow. A workaround is to use a personal access token from a personal user/bot account. However, for organizations, GitHub Apps are a more appropriate automation solution.
Visit the installation page and install the GitHub App on your repositories. That's all there is to it ❤️
Two secrets with name APP_NAME and APP_TOKEN will be created or updated before any workflow run, so we can use the secrets in our workflow.
- name: Semantic Release
uses: cycjimmy/semantic-release-action@v2
with:
extra_plugins: |
@semantic-release/changelog
@semantic-release/git
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
# use `secrets.APP_TOKEN` to replace `secrets.GITHUB_TOKEN`
GITHUB_TOKEN: ${{ secrets.APP_TOKEN }}
# use `${{ secrets.APP_NAME }}` as needed
GIT_AUTHOR_NAME: ${{ secrets.APP_NAME }}[bot]
GIT_AUTHOR_EMAIL: ${{ secrets.APP_NAME }}[bot]@users.noreply.github.com
GIT_COMMITTER_NAME: ${{ secrets.APP_NAME }}[bot]
GIT_COMMITTER_EMAIL: ${{ secrets.APP_NAME }}[bot]@users.noreply.github.comThis app only be used for demonstration which was deployed on Netlify. Fork the source code and follow the tutorial to deploy your own app with custom permissions, bot name, avatar, etc.
The scripts and documentation in this project are released under the MIT License