test workflow

inkonchain · Feb 4, 2025 · a0cff56 · a0cff56
1 parent 049462e
commit a0cff56
Showing 1 changed file with 43 additions and 12 deletions.
diff --git a/.github/workflows/ship.yml b/.github/workflows/ship.yml
@@ -4,12 +4,7 @@ concurrency:
   cancel-in-progress: true
 on:
   push:
-    branches: ["main"]
-    paths:
-      - .github/workflows/ship.yml
-      - "**"
-  pull_request:
-    branches: ["main"]
+    branches: ["main2"]
     paths:
       - .github/workflows/ship.yml
       - "**"
@@ -80,9 +75,45 @@ jobs:
           MULTIPLIER_JWT_SECRET=${{ secrets.MULTIPLIER_JWT_SECRET }}
           EOF
 
-      - uses: ./.github/actions/image-build-push
-        with:
-          repository-name: ink-web-app
-          dockerfile-path: ./Dockerfile
-          docker-context: ./
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+      # - uses: ./.github/actions/image-build-push
+      #   with:
+      #     repository-name: ink-web-app
+      #     dockerfile-path: ./Dockerfile
+      #     docker-context: ./
+      #     github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Generate GitHub App Token
+        id: generate-token
+        run: |
+          # Create a JWT using the app ID and private key
+          JWT_PAYLOAD=$(echo -n '{"iat":'"$(($(date +%s) - 60))"',"exp":'"$(($(date +%s) + 600))"',"iss":"${{ secrets.INK_APP_SUBMISSION_BOT_GITHUB_APP_ID }}"}' | base64 | tr -d '=' | tr '/+' '_-')
+          JWT_HEADER=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 | tr -d '=' | tr '/+' '_-')
+
+          # Write private key to temp file
+          echo "${{ secrets.INK_APP_SUBMISSION_BOT_GITHUB_PRIVATE_KEY }}" > private-key.pem
+
+          # Sign the JWT
+          JWT_SIGNATURE=$(echo -n "${JWT_HEADER}.${JWT_PAYLOAD}" | openssl dgst -binary -sha256 -sign private-key.pem | openssl base64 | tr -d '=' | tr '/+' '_-')
+          JWT="${JWT_HEADER}.${JWT_PAYLOAD}.${JWT_SIGNATURE}"
+
+          # Exchange JWT for installation token
+          INSTALLATION_TOKEN=$(curl -s -X POST \
+            -H "Authorization: Bearer ${JWT}" \
+            -H "Accept: application/vnd.github.v3+json" \
+            "https://api.github.com/app/installations/${{ secrets.INK_APP_SUBMISSION_BOT_GITHUB_INSTALLATION_ID }}/access_tokens" \
+            | jq -r .token)
+
+          # Clean up
+          rm private-key.pem
+
+          # Set output
+          echo "token=${INSTALLATION_TOKEN}" >> $GITHUB_OUTPUT
+
+      - name: Trigger infra update
+        if: github.ref == 'refs/heads/main2'
+        run: |
+          curl -X POST \
+            -H "Accept: application/vnd.github.v3+json" \
+            -H "Authorization: Bearer ${{ steps.generate-token.outputs.token }}" \
+            ${{ secrets.TARGET_REPOSITORY_DISPATCH_URL }} \
+            -d '{"event_type": "update-test-file", "client_payload": {"message": "Test commit from GitHub Actions"}}'