Rooba
/
mitmproxy
mirror of https://github.com/mitmproxy/mitmproxy.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ci: fixup release permissions

This commit is contained in:
Maximilian Hils 2022-10-28 14:39:52 +02:00
parent 420d7f1cea
commit 8a79f61790
2 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/release.yml vendored
View File

@ -18,21 +18,13 @@ permissions:
contents: write contents: write
jobs: jobs:
# this job is just here as a fail-safe to make sure that the invoking user has the necessary permissions
# before we start the release process. This way we hopefully don't have to clean up incomplete release processes.
permission-check:
runs-on: ubuntu-latest
environment: deploy-release
steps:
- run: echo "ok"
release: release:
needs: permission-check environment: deploy-release
runs-on: ubuntu-latest runs-on: ubuntu-latest
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with:
token: ${{ secrets.GH_PUSH_TOKEN }} # this token works to push to the protected main branch.
- uses: actions/setup-node@v3 - uses: actions/setup-node@v3
with: with:
node-version-file: .github/node-version.txt node-version-file: .github/node-version.txt
@ -40,3 +32,5 @@ jobs:
with: with:
python-version-file: .github/python-version.txt python-version-file: .github/python-version.txt
- run: ./release/release.py ${{ inputs.version }} ${{ inputs.skip-branch-status-check }} - run: ./release/release.py ${{ inputs.version }} ${{ inputs.skip-branch-status-check }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # this token works with the GraphQL API

7
release/release.py
View File

@ -98,8 +98,11 @@ if __name__ == "__main__":
"--title", f"mitmproxy {version}", "--title", f"mitmproxy {version}",
"--notes-file", "release/github-release-notes.txt"], cwd=root, check=True) "--notes-file", "release/github-release-notes.txt"], cwd=root, check=True)
print("➡️ Dispatching release workflow...") # We currently have to use a personal access token, which auto-triggers CI.
subprocess.run(["gh", "workflow", "run", "main.yml", "--ref", version], cwd=root, check=True) # The default GITHUB_TOKEN cannot push to protected branches,
# see https://github.com/community/community/discussions/13836.
# print("➡️ Dispatching release workflow...")
# subprocess.run(["gh", "workflow", "run", "main.yml", "--ref", version], cwd=root, check=True)
print("") print("")
print("✅ CI is running now. Make sure to approve the deploy step: https://github.com/mitmproxy/mitmproxy/actions") print("✅ CI is running now. Make sure to approve the deploy step: https://github.com/mitmproxy/mitmproxy/actions")