ai
ai copied to clipboard
vercel
[maintenance] trigger CI for "Version Packages" pull requests
Description
Example: https://github.com/vercel/ai/pull/5837
These pull requests are created via the release.yml workflow:
https://github.com/vercel/ai/blob/7206b1f58a6c3fc6d4442999569e2679c28e9017/.github/workflows/release.yml#L39-L48
The reason that these pull requests do not trigger CI is that we pass secrets.GITHUB_TOKEN for authentication. That token is conveniently provided to GitHub workflows automatically, but it has some limitations. One of them is that tasks performed using secrets.GITHUB_TOKEN do not trigger other GitHub Actions (except for workflow_dispatch and repository_dispatch events)
https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#triggering-a-workflow-from-a-workflow
In order to workaround it we can register a single-purpose GitHub app and then utilize the official actions/create-github-app-token action to create an access token for that app. Up to 100 GitHub apps can be registered per organization, and I think GitHub can bump this limit should it ever become necessary.
Tasks
-
[ ] Register private GitHub app on @vercel. e.g.
vercel-ai-skd-release. Disable webhooks, permissions:contents:writeandpull_requests:write. -
[ ] Add the GitHub App's Client ID as repository variable (e.g.
GITHUB_APP_VERCEL_AI_SKD_RELEASE_ID) and the private key as repository secret (e.g.GITHUB_APP_VERCEL_AI_SKD_RELEASE_PRIVATE_KEY) -
[ ] Before the "Create Release Pull Request or Publish to npm" step in the release workflow (source), add a step to create the installation access token, like this
- uses: actions/create-github-app-token@v2 id: app-token with: app-id: ${{ vars.GITHUB_APP_VERCEL_AI_SKD_RELEASE_ID }} private-key: ${{ secrets.GITHUB_APP_VERCEL_AI_SKD_RELEASE_PRIVATE_KEY }} -
[ ] In the "Create Release Pull Request or Publish to npm" step in the release workflow, replace
${{ secrets.GITHUB_TOKEN }}with${{ steps.app-token.outputs.token }}(source)
