From 659e63e56364791e226068d87dbc94f1fb679615 Mon Sep 17 00:00:00 2001 From: Mahendra Paipuri Date: Mon, 3 Mar 2025 15:29:53 +0100 Subject: [PATCH] ci: Update release workflows from jupyter-releaser repo Signed-off-by: Mahendra Paipuri --- .github/workflows/prep-release.yml | 7 ++++--- .github/workflows/publish-release.yml | 19 ++++++++++--------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml index 7a198b8..fc39b21 100644 --- a/.github/workflows/prep-release.yml +++ b/.github/workflows/prep-release.yml @@ -22,6 +22,8 @@ on: jobs: prep_release: runs-on: ubuntu-latest + permissions: + contents: write steps: - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 @@ -29,14 +31,13 @@ jobs: id: prep-release uses: jupyter-server/jupyter_releaser/.github/actions/prep-release@v2 with: - token: ${{ secrets.ADMIN_GITHUB_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} version_spec: ${{ github.event.inputs.version_spec }} post_version_spec: ${{ github.event.inputs.post_version_spec }} - target: ${{ github.event.inputs.target }} branch: ${{ github.event.inputs.branch }} since: ${{ github.event.inputs.since }} since_last_stable: ${{ github.event.inputs.since_last_stable }} - name: "** Next Step **" run: | - echo "Optional): Review Draft Release: ${{ steps.prep-release.outputs.release_url }}" + echo "Optional): Review Draft Release: ${{ steps.prep-release.outputs.release_url }}" diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 1ddf2e2..c188106 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -15,18 +15,23 @@ on: jobs: publish_release: runs-on: ubuntu-latest + environment: release permissions: - # This is useful if you want to use PyPI trusted publisher - # and NPM provenance id-token: write steps: - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 + - uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Populate Release id: populate-release uses: jupyter-server/jupyter_releaser/.github/actions/populate-release@v2 with: - token: ${{ secrets.ADMIN_GITHUB_TOKEN }} + token: ${{ steps.app-token.outputs.token }} branch: ${{ github.event.inputs.branch }} release_url: ${{ github.event.inputs.release_url }} steps_to_skip: ${{ github.event.inputs.steps_to_skip }} @@ -34,14 +39,10 @@ jobs: - name: Finalize Release id: finalize-release env: - # The following are needed if you use legacy PyPI set up - # PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }} - # PYPI_TOKEN_MAP: ${{ secrets.PYPI_TOKEN_MAP }} - # TWINE_USERNAME: __token__ NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - uses: jupyter-server/jupyter-releaser/.github/actions/finalize-release@v2 + uses: jupyter-server/jupyter_releaser/.github/actions/finalize-release@v2 with: - token: ${{ secrets.ADMIN_GITHUB_TOKEN }} + token: ${{ steps.app-token.outputs.token }} release_url: ${{ steps.populate-release.outputs.release_url }} - name: "** Next Step **"