From 78f79d88f356e6a15cecd32b5127f818999870e7 Mon Sep 17 00:00:00 2001
From: Jack Luo
Date: Fri, 25 Apr 2025 12:18:35 -0700
Subject: [PATCH] Improve the workflows (#3838)
1. Use Personal Access Token (PAT) for creating PR in the update-readme workflow Currently, the PR made by the update-readme workflow does not trigger the CI to run, because GitHub does not trigger workflows for pull requests made by a GitHub Actions token (GITHUB_TOKEN) by default. To fix the above issue, with this PR, the workflow will now retrieve and use a Personal Access Token (PAT) for creating the PR. 2. Add the same paths-ignore to the test-cni workflow as the one in the main workflow
---
 .github/workflows/test-cni.yaml | 7 ++++++-
 .github/workflows/update-readme.yml | 12 +++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/test-cni.yaml b/.github/workflows/test-cni.yaml
index b3d54fb0..8f94e133 100644
--- a/.github/workflows/test-cni.yaml
+++ b/.github/workflows/test-cni.yaml
@@ -4,6 +4,11 @@ on:
 pull_request:
 branches:
 - '**'
+ paths-ignore:
+ - '**.md'
+ - 'CODEOWNERS'
+ - 'LICENSE'
+ - 'docs/**'
 jobs:
 integration-cni-tests:
@@ -24,4 +29,4 @@ jobs:
 - name: Run ${{ matrix.cni }} check
 run: |
 ./scripts/build
- ./scripts/integration ${{ matrix.cni }}
\ No newline at end of file
+ ./scripts/integration ${{ matrix.cni }}
diff --git a/.github/workflows/update-readme.yml b/.github/workflows/update-readme.yml
index d60e9aca..89439e7f 100644
--- a/.github/workflows/update-readme.yml
+++ b/.github/workflows/update-readme.yml
@@ -7,6 +7,7 @@ on:
 permissions:
 contents: write
 pull-requests: write
+ id-token: write
 jobs:
 update-readme:
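Review bot: The `paths-ignore` list added under `pull_request` in test-cni.yaml means a PR that touches only `**.md`, `CODEOWNERS`, `LICENSE` or `docs/**` never starts `integration-cni-tests`. If branch protection lists that job as a required status check, such a PR stays pending and cannot merge; whether it is required is not visible in this diff, so confirm it before relying on the filter. A comment above the list, for example `# keep in sync with paths-ignore in the main workflow`, would record the coupling the commit message describes.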
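Review bot: `id-token: write` is added to the workflow-level `permissions:` block of update-readme.yml, so every job in the workflow may request an OIDC token, not only the one that talks to Vault. Only the opening line of the `update-readme` job is visible in this hunk; if the file has or later gains other jobs, move the grant to a `permissions:` block under `update-readme:` instead. A comment such as `# id-token: write - presumably needed by the Vault step to authenticate via OIDC` would record why it is there. Since the pull request is now created with the PAT, it is also worth checking whether `pull-requests: write` on the built-in token is still needed.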
@@ -49,12 +50,21 @@ jobs:
 git checkout -b "$BRANCH"
 git commit -a -m "update README with latest"
 git push origin "$BRANCH"
+
+ # GitHub does not trigger workflows for pull requests made by a GitHub Actions token (GITHUB_TOKEN) by default.
+ # Therefore, we need to retrieve a Personal Access Token (PAT)
+ - name: Retrieve token from vault
+ uses: rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/github-token/credentials token | PAT_TOKEN ;
+
 - name: Create Pull Request
 if: ${{ env.changes_exist == 'true' }}
 id: cpr
 env:
 SOURCE_BRANCH: ${{ steps.branch.outputs.branch }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GH_TOKEN: ${{ env.PAT_TOKEN }}
 run: |
 PR_TITLE="[${GITHUB_REF_NAME}] update README with latest"
 PR_BODY="Auto-generated by GitHub Actions"
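Review bot: The new step `uses: rancher-eio/read-vault-secrets@main` runs whatever the action's `main` branch holds at run time, in a workflow that grants `contents: write` and `id-token: write` and fetches a PAT. Pin it to a full commit SHA, e.g. `uses: rancher-eio/read-vault-secrets@<full-commit-sha> # <release tag>`. The step also lacks the `if: ${{ env.changes_exist == 'true' }}` guard that the following Create Pull Request step carries, so the PAT is retrieved on runs that never open a PR; adding the same `if:` keeps the secret out of those runs. `PAT_TOKEN` is read back through `env.PAT_TOKEN`, so it sits in the job environment, where any later step can read it. The job's step list starts and continues outside this hunk, so later steps could not be checked.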