1313 - RELEASES.md
1414 - ' */RELEASES.md'
1515jobs :
16- mint-token :
16+ tokens :
1717 runs-on : ubuntu-latest
1818 outputs :
19- api-token : ${{ steps.mint-token.outputs.api-token }}
19+ pypi-token : ${{ steps.pypi-token.outputs.pypi-token }}
20+ gh-token : ${{ steps.gh-token.outputs.token }}
2021 steps :
21- - name : Mint API token
22- id : mint-token
22+ # Trusted Publisher PyPI token
23+ # See: https://docs.pypi.org/trusted-publishers/using-a-publisher/)
24+ - name : Mint PyPI token
25+ id : pypi-token
2326 run : |
2427 # retrieve the ambient OIDC token
2528 resp=$(curl -sS --fail -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
@@ -31,11 +34,19 @@ jobs:
3134 api_token=$(jq -r '.token' <<< "${resp}")
3235
3336 # see the next step in the workflow for an example of using this step output
34- echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}"
37+ echo "pypi-token=${api_token}" >> "${GITHUB_OUTPUT}"
38+ # Generate a GitHub App Installation token to allow this workflow to trigger other events (like release published)
39+ # See: https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#triggering-a-workflow-from-a-workflow
40+ - name : Generate a GitHub App Installation token
41+ id : gh-token
42+ uses : actions/create-github-app-token@v1
43+ with :
44+ app-id : ${{ secrets.INTERNAL_GHA_APP_ID }}
45+ private-key : ${{ secrets.INTERNAL_GHA_APP_PRIVATE_KEY }}
3546 publish :
36- needs : mint-token
47+ needs : tokens
3748 uses : speakeasy-api/sdk-generation-action/.github/workflows/sdk-publish.yaml@v15
3849 secrets :
39- github_access_token : ${{ secrets.GITHUB_TOKEN }}
40- pypi_token : ${{ needs.mint-token .outputs.api -token }}
50+ github_access_token : ${{ needs.tokens.outputs.gh-token }}
51+ pypi_token : ${{ needs.tokens .outputs.pypi -token }}
4152 speakeasy_api_key : ${{ secrets.SPEAKEASY_API_KEY }}
0 commit comments