From 1b37b3659b5098f764dee5b893e4eb174949f40a Mon Sep 17 00:00:00 2001
From: Michael Kubacki
Date: Mon, 5 Aug 2024 19:21:17 -0400
Subject: [PATCH] .github/request-reviews.yml: Use GitHub App authentication
Since the edk2 repository is owned by an organization, the default GitHub token will not be able to access the collaborator list. Therefore, a GitHub App with `metadata:read` permission will be used to grant access to that REST API. This is used in GitHub.py when it makes the `repo_gh.get_collaborators()` call that resolves to the `/repos/{owner}/{repo}/collaborators` GitHub REST API.
Signed-off-by: Michael Kubacki
---
 .github/workflows/request-reviews.yml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/request-reviews.yml b/.github/workflows/request-reviews.yml
index 13330561f2..e5db19ca08 100644
--- a/.github/workflows/request-reviews.yml
+++ b/.github/workflows/request-reviews.yml
@@ -32,6 +32,13 @@ jobs:
 pull-requests: write
 steps:
+ - name: Generate Token
+ id: generate-token
+ uses: actions/create-github-app-token@v1
+ with:
+ app-id: ${{ secrets.TIANOCORE_ASSIGN_REVIEWERS_APPLICATION_ID }}
+ private-key: ${{ secrets.TIANOCORE_ASSIGN_REVIEWERS_APPLICATION_PRIVATE_KEY }}
+
 # Reduce checkout time with sparse-checkout
 # - .github: Contains the scripts to interact with Github and add reviewers
 # - BaseTools/Scripts: Contains the GetMaintainer.py script
@@ -57,7 +64,7 @@ jobs:
 - name: Add Reviewers to Pull Request
 env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GH_TOKEN: ${{ steps.generate-token.outputs.token }}
 ORG_NAME: ${{ github.repository_owner }}
 PR_NUMBER: ${{ github.event.number}}
 REPO_NAME: ${{ github.event.pull_request.base.repo.name }}
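Review bot: The new `Generate Token` step passes the App private key to an action referenced by the movable tag `@v1`; pin it to a full commit SHA so a retagged release cannot receive the key, e.g. `uses: actions/create-github-app-token@<full-commit-sha>  # v1` (placeholder, take the SHA from the release you reviewed). The workflow trigger and the checkout step lie outside this hunk, so the following is to be confirmed rather than asserted. If the job runs on `pull_request_target`, check that the sparse checkout takes the base ref, because the scripts under `.github` and `BaseTools/Scripts` appear to run later with this App token in scope. If it runs on `pull_request`, pull requests from forks will not receive the two secrets and this step will fail before any reviewer is assigned.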
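Review bot: Swapping `GH_TOKEN` wholesale means every API call made by the `Add Reviewers to Pull Request` step now runs with the App installation's permissions, and the job-level `permissions:` block (`pull-requests: write` in the first hunk) no longer bounds that token, since it only scopes `GITHUB_TOKEN`. The description says the App is granted `metadata:read` for the collaborator lookup; if the script also requests reviewers or comments through the same token (the step body is outside the hunk), the App needs pull-request write too, and that full permission set should be documented in a comment next to the secret names. A narrower alternative is to keep `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` for the pull-request writes and pass `${{ steps.generate-token.outputs.token }}` in a separate variable that is read only for the collaborators call.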