From c3c1b047ed3cfe663f6ffde91223ef73516b5fb3 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar@redhat.com>
Date: Tue, 1 Oct 2024 06:12:03 -0700
Subject: [PATCH] workflows/release-documentation: Submit a pull request with
changes (#108247)
This is instead of pushing directly. Creating a pull request is slightly
more work for the release manager, but it is more secure as we no longer
need a secret with write access to the www-releases repo.
(cherry picked from commit 9cd289fa4a7355e1bfd3129ba9c755f979fd0a72)
---
.github/workflows/release-documentation.yml | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/release-documentation.yml b/.github/workflows/release-documentation.yml
index 70e5f08b6f72..922c5093f135 100644
--- a/.github/workflows/release-documentation.yml
+++ b/.github/workflows/release-documentation.yml
@@ -72,17 +72,20 @@ jobs:
ref: main
fetch-depth: 0
path: www-releases
+ persist-credentials: false
- name: Upload Release Notes
if: env.upload
env:
- WWW_RELEASES_TOKEN: ${{ secrets.WWW_RELEASES_TOKEN }}
+ GH_TOKEN: ${{ secrets.WWW_RELEASES_TOKEN }}
run: |
- mkdir -p ../www-releases/${{ inputs.release-version }}
- mv ./docs-build/html-export/* ../www-releases/${{ inputs.release-version }}
- cd ../www-releases
+ mkdir -p www-releases/${{ inputs.release-version }}
+ mv ./docs-build/html-export/* www-releases/${{ inputs.release-version }}
+ cd www-releases
+ git checkout -b ${{ inputs.release-version }}
git add ${{ inputs.release-version }}
git config user.email "llvmbot@llvm.org"
git config user.name "llvmbot"
git commit -a -m "Add ${{ inputs.release-version }} documentation"
- git push "https://$WWW_RELEASES_TOKEN@github.com/${{ github.repository_owner }}/www-releases" main:main
+ git push --force "https://$GH_TOKEN@github.com/llvmbot/www-releases.git" HEAD:refs/heads/${{ inputs.release-version }}
+ gh pr create -f -B main -H ${{ inputs.release-version }} -R llvmbot/www-releases
--
GitLab