Skip to content

Commit 969244a

Browse files
authored
ci: Switch from SENTRY_RELEASE_BOT to SENTRY_INTERNAL_APP (#7128)
## Summary - Replace `SENTRY_RELEASE_BOT_CLIENT_ID` / `SENTRY_RELEASE_BOT_PRIVATE_KEY` with `SENTRY_INTERNAL_APP_ID` / `SENTRY_INTERNAL_APP_PRIVATE_KEY` in both workflow files - The auto-approve actor check now accepts both `sentry-release-bot[bot]` and `getsantry[bot]` to support the transition - Org-level variable and secret are already configured The detailed implementation plan is attached as a `git note` on the first commit.
1 parent 0256ae1 commit 969244a

2 files changed

Lines changed: 7 additions & 7 deletions

File tree

.github/workflows/auto-approve.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ jobs:
1010
auto-approve:
1111
runs-on: ubuntu-latest
1212
if: |
13-
github.actor == 'sentry-release-bot[bot]' &&
13+
(github.actor == 'sentry-release-bot[bot]' || github.actor == 'getsantry[bot]') &&
1414
startsWith(github.event.issue.title, 'publish: ')
1515
steps:
1616
- uses: actions/checkout@v4
@@ -21,8 +21,8 @@ jobs:
2121
id: token
2222
uses: actions/create-github-app-token@v2.2.1
2323
with:
24-
app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
25-
private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
24+
app-id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
25+
private-key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
2626
- name: Auto-approve if repo is in the list
2727
env:
2828
GH_TOKEN: ${{ steps.token.outputs.token }}

.github/workflows/publish.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -62,12 +62,12 @@ jobs:
6262
echo 'taking craft config from branch ${{ fromJSON(steps.inputs.outputs.result).merge_target }} in ${{ fromJSON(steps.inputs.outputs.result).repo }}'
6363
echo 'target_repo_branch=${{ fromJSON(steps.inputs.outputs.result).merge_target }}' >> "$GITHUB_OUTPUT"
6464
65-
- name: Get Release Bot auth token
65+
- name: Get auth token
6666
id: token
6767
uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2
6868
with:
69-
app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
70-
private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
69+
app-id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
70+
private-key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
7171
owner: getsentry # create token that have access to all repos
7272

7373
- uses: actions/checkout@v6
@@ -110,7 +110,7 @@ jobs:
110110
GITHUB_TOKEN: ${{ steps.token.outputs.token }}
111111
# We need to use separate tokens for GHCR.IO and GitHub API access
112112
# Because we can only access ghcr.io with GITHUB_TOKEN but that token
113-
# cannot do other cross-repo operations like our Release Bot App
113+
# cannot do other cross-repo operations like our Internal App
114114
# Thanks GitHub
115115
DOCKER_GHCR_IO_USERNAME: x-access-token # for ghcr.io auth
116116
DOCKER_GHCR_IO_PASSWORD: ${{ secrets.GITHUB_TOKEN }} # for ghcr.io auth

0 commit comments

Comments
 (0)