From f2d29f47906c588c4ae2ba2d7e58e4ec83074b99 Mon Sep 17 00:00:00 2001 From: Conrad Irwin Date: Wed, 17 Dec 2025 15:32:28 -0700 Subject: [PATCH] Auto-release preview as Zippy (#45163) I think we're not triggering the after-release workflow because of github's loop detection when you use the default GITHUB_TOKEN Closes #ISSUE Release Notes: - N/A --- .github/workflows/autofix_pr.yml | 2 +- .github/workflows/cherry_pick.yml | 2 +- .github/workflows/release.yml | 8 +++++++- tooling/xtask/src/tasks/workflows/autofix_pr.rs | 15 +-------------- .../xtask/src/tasks/workflows/cherry_pick.rs | 17 ++--------------- tooling/xtask/src/tasks/workflows/release.rs | 5 ++++- tooling/xtask/src/tasks/workflows/steps.rs | 13 +++++++++++++ 7 files changed, 29 insertions(+), 33 deletions(-) diff --git a/.github/workflows/autofix_pr.yml b/.github/workflows/autofix_pr.yml index 1591ba2a9a98b8587814d25858f4e0d78d9f7d34..d3688a722aa107efb3dfb95351404f43c9aece65 100644 --- a/.github/workflows/autofix_pr.yml +++ b/.github/workflows/autofix_pr.yml @@ -90,7 +90,7 @@ jobs: runs-on: namespace-profile-2x4-ubuntu-2404 steps: - id: get-app-token - name: autofix_pr::commit_changes::authenticate_as_zippy + name: steps::authenticate_as_zippy uses: actions/create-github-app-token@bef1eaf1c0ac2b148ee2a0a74c65fbe6db0631f1 with: app-id: ${{ secrets.ZED_ZIPPY_APP_ID }} diff --git a/.github/workflows/cherry_pick.yml b/.github/workflows/cherry_pick.yml index bc01aae17e7141a2359b162c3de94c1aec7b765c..d4dee5154f2209521f3e9d183c05c118e8861521 100644 --- a/.github/workflows/cherry_pick.yml +++ b/.github/workflows/cherry_pick.yml @@ -30,7 +30,7 @@ jobs: with: clean: false - id: get-app-token - name: cherry_pick::run_cherry_pick::authenticate_as_zippy + name: steps::authenticate_as_zippy uses: actions/create-github-app-token@bef1eaf1c0ac2b148ee2a0a74c65fbe6db0631f1 with: app-id: ${{ secrets.ZED_ZIPPY_APP_ID }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 155b38666f4bd73e68e9ea326db9a6862288a1fe..8cc63340902fb061c66e5896308f2cad9c31f947 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -478,11 +478,17 @@ jobs: if: startsWith(github.ref, 'refs/tags/v') && endsWith(github.ref, '-pre') && !endsWith(github.ref, '.0-pre') runs-on: namespace-profile-2x4-ubuntu-2404 steps: + - id: get-app-token + name: steps::authenticate_as_zippy + uses: actions/create-github-app-token@bef1eaf1c0ac2b148ee2a0a74c65fbe6db0631f1 + with: + app-id: ${{ secrets.ZED_ZIPPY_APP_ID }} + private-key: ${{ secrets.ZED_ZIPPY_APP_PRIVATE_KEY }} - name: gh release edit "$GITHUB_REF_NAME" --repo=zed-industries/zed --draft=false run: gh release edit "$GITHUB_REF_NAME" --repo=zed-industries/zed --draft=false shell: bash -euxo pipefail {0} env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.get-app-token.outputs.token }} notify_on_failure: needs: - upload_release_assets diff --git a/tooling/xtask/src/tasks/workflows/autofix_pr.rs b/tooling/xtask/src/tasks/workflows/autofix_pr.rs index f4a8e0e2b09df93cc430f0931c3db3f9e67b07df..ab59e735225dfb4f9658960a35a992553642b4c2 100644 --- a/tooling/xtask/src/tasks/workflows/autofix_pr.rs +++ b/tooling/xtask/src/tasks/workflows/autofix_pr.rs @@ -109,19 +109,6 @@ fn run_autofix(pr_number: &WorkflowInput, run_clippy: &WorkflowInput) -> NamedJo } fn commit_changes(pr_number: &WorkflowInput, autofix_job: &NamedJob) -> NamedJob { - fn authenticate_as_zippy() -> (Step, StepOutput) { - let step = named::uses( - "actions", - "create-github-app-token", - "bef1eaf1c0ac2b148ee2a0a74c65fbe6db0631f1", - ) - .add_with(("app-id", vars::ZED_ZIPPY_APP_ID)) - .add_with(("private-key", vars::ZED_ZIPPY_APP_PRIVATE_KEY)) - .id("get-app-token"); - let output = StepOutput::new(&step, "token"); - (step, output) - } - fn checkout_pr(pr_number: &WorkflowInput, token: &StepOutput) -> Step { named::bash(&format!("gh pr checkout {pr_number}")).add_env(("GITHUB_TOKEN", token)) } @@ -148,7 +135,7 @@ fn commit_changes(pr_number: &WorkflowInput, autofix_job: &NamedJob) -> NamedJob .add_env(("GITHUB_TOKEN", token)) } - let (authenticate, token) = authenticate_as_zippy(); + let (authenticate, token) = steps::authenticate_as_zippy(); named::job( Job::default() diff --git a/tooling/xtask/src/tasks/workflows/cherry_pick.rs b/tooling/xtask/src/tasks/workflows/cherry_pick.rs index 105bf74c4194a46ad4ca62991fae3a945eea150d..eaa786837f84ebf4d4f7e1a579db0c7b4dcc5040 100644 --- a/tooling/xtask/src/tasks/workflows/cherry_pick.rs +++ b/tooling/xtask/src/tasks/workflows/cherry_pick.rs @@ -3,7 +3,7 @@ use gh_workflow::*; use crate::tasks::workflows::{ runners, steps::{self, NamedJob, named}, - vars::{self, StepOutput, WorkflowInput}, + vars::{StepOutput, WorkflowInput}, }; pub fn cherry_pick() -> Workflow { @@ -29,19 +29,6 @@ fn run_cherry_pick( commit: &WorkflowInput, channel: &WorkflowInput, ) -> NamedJob { - fn authenticate_as_zippy() -> (Step, StepOutput) { - let step = named::uses( - "actions", - "create-github-app-token", - "bef1eaf1c0ac2b148ee2a0a74c65fbe6db0631f1", - ) // v2 - .add_with(("app-id", vars::ZED_ZIPPY_APP_ID)) - .add_with(("private-key", vars::ZED_ZIPPY_APP_PRIVATE_KEY)) - .id("get-app-token"); - let output = StepOutput::new(&step, "token"); - (step, output) - } - fn cherry_pick( branch: &WorkflowInput, commit: &WorkflowInput, @@ -54,7 +41,7 @@ fn run_cherry_pick( .add_env(("GITHUB_TOKEN", token)) } - let (authenticate, token) = authenticate_as_zippy(); + let (authenticate, token) = steps::authenticate_as_zippy(); named::job( Job::default() diff --git a/tooling/xtask/src/tasks/workflows/release.rs b/tooling/xtask/src/tasks/workflows/release.rs index e06a71340192c036d442d65d9572e52ed2983cae..80fb075f7f6445b1a6a078d9defba2018a406851 100644 --- a/tooling/xtask/src/tasks/workflows/release.rs +++ b/tooling/xtask/src/tasks/workflows/release.rs @@ -97,17 +97,20 @@ pub(crate) fn create_sentry_release() -> Step { } fn auto_release_preview(deps: &[&NamedJob; 1]) -> NamedJob { + let (authenticate, token) = steps::authenticate_as_zippy(); + named::job( dependant_job(deps) .runs_on(runners::LINUX_SMALL) .cond(Expression::new(indoc::indoc!( r#"startsWith(github.ref, 'refs/tags/v') && endsWith(github.ref, '-pre') && !endsWith(github.ref, '.0-pre')"# ))) + .add_step(authenticate) .add_step( steps::script( r#"gh release edit "$GITHUB_REF_NAME" --repo=zed-industries/zed --draft=false"#, ) - .add_env(("GITHUB_TOKEN", vars::GITHUB_TOKEN)), + .add_env(("GITHUB_TOKEN", &token)), ) ) } diff --git a/tooling/xtask/src/tasks/workflows/steps.rs b/tooling/xtask/src/tasks/workflows/steps.rs index 54873c011ce9d1fb7d4e7e0b734695c7c1a30fad..5ff7c0cae3c3740fa89abd84d049f9f76e7d721b 100644 --- a/tooling/xtask/src/tasks/workflows/steps.rs +++ b/tooling/xtask/src/tasks/workflows/steps.rs @@ -354,3 +354,16 @@ pub fn trigger_autofix(run_clippy: bool) -> Step { )) .add_env(("GITHUB_TOKEN", vars::GITHUB_TOKEN)) } + +pub fn authenticate_as_zippy() -> (Step, StepOutput) { + let step = named::uses( + "actions", + "create-github-app-token", + "bef1eaf1c0ac2b148ee2a0a74c65fbe6db0631f1", + ) + .add_with(("app-id", vars::ZED_ZIPPY_APP_ID)) + .add_with(("private-key", vars::ZED_ZIPPY_APP_PRIVATE_KEY)) + .id("get-app-token"); + let output = StepOutput::new(&step, "token"); + (step, output) +}