Skip to content

Commit dd8f630

Browse files
b3ndoib3ndoi
authored
[CUST-5380] fix(release): require scheduler consumer token (#73)
1 parent de76c91 commit dd8f630

1 file changed

Lines changed: 24 additions & 2 deletions

File tree

.github/workflows/release.yml

Lines changed: 24 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -230,11 +230,33 @@ jobs:
230230
echo "version=$REACT_VERSION" >> "$GITHUB_OUTPUT"
231231
echo "safe_version=$SAFE_VERSION" >> "$GITHUB_OUTPUT"
232232
233+
- name: Verify consumer update token
234+
env:
235+
CONSUMER_TOKEN: ${{ secrets.SCHEDULER_CONSUMER_TOKEN }}
236+
REPOSITORY: ${{ matrix.repository }}
237+
run: |
238+
if [ -z "$CONSUMER_TOKEN" ]; then
239+
echo "::error::Set SCHEDULER_CONSUMER_TOKEN in nylas/javascript with read/write access to nylas/dashboard-v3 and nylas/scheduler-v3."
240+
echo "::error::Fine-grained token permissions: Contents read/write and Pull requests read/write for both consumer repositories."
241+
exit 1
242+
fi
243+
244+
STATUS=$(curl --silent --show-error --output /tmp/repo.json --write-out "%{http_code}" \
245+
--header "Authorization: Bearer $CONSUMER_TOKEN" \
246+
--header "Accept: application/vnd.github+json" \
247+
--header "X-GitHub-Api-Version: 2022-11-28" \
248+
"https://api.github.com/repos/$REPOSITORY")
249+
250+
if [ "$STATUS" != "200" ]; then
251+
echo "::error::SCHEDULER_CONSUMER_TOKEN cannot access $REPOSITORY (GitHub API status: $STATUS)."
252+
exit 1
253+
fi
254+
233255
- name: Checkout ${{ matrix.consumer }}
234256
uses: actions/checkout@v4
235257
with:
236258
repository: ${{ matrix.repository }}
237-
token: ${{ secrets.BOT_PAT || secrets.SDK_RELEASE_PAT }}
259+
token: ${{ secrets.SCHEDULER_CONSUMER_TOKEN }}
238260
ref: main
239261
fetch-depth: 0
240262

@@ -280,7 +302,7 @@ jobs:
280302

281303
- name: Create or update pull request
282304
env:
283-
GH_TOKEN: ${{ secrets.BOT_PAT || secrets.SDK_RELEASE_PAT }}
305+
GH_TOKEN: ${{ secrets.SCHEDULER_CONSUMER_TOKEN }}
284306
PACKAGE_JSON_PATH: ${{ matrix.package_json_path }}
285307
REACT_VERSION: ${{ steps.version.outputs.version }}
286308
SAFE_VERSION: ${{ steps.version.outputs.safe_version }}

0 commit comments

Comments
 (0)