From c3c1b047ed3cfe663f6ffde91223ef73516b5fb3 Mon Sep 17 00:00:00 2001 From: Tom Stellard <tstellar@redhat.com> Date: Tue, 1 Oct 2024 06:12:03 -0700 Subject: [PATCH] workflows/release-documentation: Submit a pull request with changes (#108247) This is instead of pushing directly. Creating a pull request is slightly more work for the release manager, but it is more secure as we no longer need a secret with write access to the www-releases repo. (cherry picked from commit 9cd289fa4a7355e1bfd3129ba9c755f979fd0a72) --- .github/workflows/release-documentation.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-documentation.yml b/.github/workflows/release-documentation.yml index 70e5f08b6f72..922c5093f135 100644 --- a/.github/workflows/release-documentation.yml +++ b/.github/workflows/release-documentation.yml @@ -72,17 +72,20 @@ jobs: ref: main fetch-depth: 0 path: www-releases + persist-credentials: false - name: Upload Release Notes if: env.upload env: - WWW_RELEASES_TOKEN: ${{ secrets.WWW_RELEASES_TOKEN }} + GH_TOKEN: ${{ secrets.WWW_RELEASES_TOKEN }} run: | - mkdir -p ../www-releases/${{ inputs.release-version }} - mv ./docs-build/html-export/* ../www-releases/${{ inputs.release-version }} - cd ../www-releases + mkdir -p www-releases/${{ inputs.release-version }} + mv ./docs-build/html-export/* www-releases/${{ inputs.release-version }} + cd www-releases + git checkout -b ${{ inputs.release-version }} git add ${{ inputs.release-version }} git config user.email "llvmbot@llvm.org" git config user.name "llvmbot" git commit -a -m "Add ${{ inputs.release-version }} documentation" - git push "https://$WWW_RELEASES_TOKEN@github.com/${{ github.repository_owner }}/www-releases" main:main + git push --force "https://$GH_TOKEN@github.com/llvmbot/www-releases.git" HEAD:refs/heads/${{ inputs.release-version }} + gh pr create -f -B main -H ${{ inputs.release-version }} -R llvmbot/www-releases -- GitLab