Merge pull request #9 from solenova-tech/removing-dependency-from-PAT

Removing dependency from pat
solenova-tech · May 24, 2023 · 1fc3358 · 1fc3358
2 parents 6e589db + 86e4ae4
commit 1fc3358
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 54 deletions.
diff --git a/README.md b/README.md
@@ -9,6 +9,10 @@ This action is triggered only when a pull request is opened, reopened, or synchr
 ```YML
 name: Merge PR to Testing Branch
 
+permissions:
+  contents: write # for pushing the code back to your testing branch
+  pull-requests: write # Add this optional for allowing the action to make a comment of acknowledgment on the PR
+
 on:
   pull_request:
     branches:
@@ -24,43 +28,19 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+    - name: Checks out code
+      uses: actions/checkout@v3
+
     - name: Merge PR to Testing Branch
       uses: solenova-tech/[email protected] # replace version with latest from https://github.com/marketplace/actions/gamma-ci-made-easy
       with:
         target-branch: 'staging' # replace this name with your testing branch
-        token: ${{ secrets.GITHUB_TOKEN }} # Read below on how to get this
 ```
 
-This action requires a personal access token (PAT) with appropriate permissions to perform the merge operation. Make sure you provide the token input with a valid GitHub Personal Access Token. Create a PAT with the REPO permission using the following steps:
-- Sign in to your GitHub account.
-- Click on your profile icon in the top-right corner, and then click on "Settings" in the dropdown menu.
-- In the left sidebar, click on "Developer settings".
-- In the left sidebar, click on "Personal access tokens" to expand the collapsable sub-menu.
-  - Click on the tokens (classic)
-- Click on the "Generate new token" button.
-  - In the sub-menu select "Generate new token (classic)"
-- Provide a descriptive note for your token in the "Note" field. This will help you identify the token's purpose later.
-- Select the desired scopes or permissions for the token. Scopes define the level of access the token will have. (for our use only "**repo**" permission is enough.
-- If you want the token to have access only during a specific time period, you can set an expiration date for it.
-- Once you have configured the note and scopes, click on the "Generate token" button.
-- GitHub will generate a new Personal Access Token for you. Copy the token value.
-  - After generating the token, it will be displayed only once. GitHub will not show it to you again. If you lose the token, you will need to generate a new one.
-- Navigate to the main page of your repository on GitHub.
-- Click on the "Settings" tab located near the top-right corner of the repository page.
-- In the left sidebar, click on "Secrets and varialbes".
-  - In the now new expanded sub menu, click on "Actions"
-- Click on the "New repository secret" button.
-- Enter a name for your secret in the "Name" field. This should be a descriptive name that helps identify the purpose of the secret. In the above example, we are using the 'GITHUB_TOKEN' as Name
-- In the "Value" field, enter the actual value of the secret. This can be a password, an access token, or any other sensitive information that you want to securely store, in our case the PAT that you copied above.
-- Click on the "Add secret" button to save the secret.
-**Note that, PAT grants significant access to your GitHub account, so treat them like passwords and keep them secure.**
-
 ## Inputs
 
 `target-branch` (optional): The branch in which you want to merge the pull request. Defaults to 'alpha'.
 
-`token` (required): GitHub Personal Access Token. Make sure to provide a valid token.
-
 ## License
 
 This project is licensed under the MIT License
diff --git a/action.yml b/action.yml
@@ -7,9 +7,6 @@ inputs:
     description: 'Branch in which you want to merge the PR, defaults to alpha'
     required: false
     default: 'alpha'
-  token:
-    description: GitHub Personal Access Token
-    required: true
 branding:
   icon: 'activity'
   color: 'white'
@@ -23,31 +20,14 @@ runs:
       shell: bash
       if: ${{ github.event_name != 'pull_request' }}
 
-    - id: config-setup
-      run: |
-        echo "SETTING UP GIT CONFIG"
-        git config --global user.email "${{ github.actor }}@users.noreply.github.com"
-        git config --global user.name "${{ github.actor }}"
-      shell: bash
-      env:
-        GITHUB_PAT: ${{ inputs.token }}
-
     - id: merge-branch
       run: |
-        echo "DECLARING DEFAULT BRANCH"
-        BRANCH=${{ github.event.repository.default_branch }}
         if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
-          echo "INITIALIZING GIT REPO"
-          git init
-          echo "SETTING DEFAULT BRANCH"
-          git branch -m $BRANCH
-          echo "SETTING UP GIT REMOTE ORIGIN"
-          git remote add origin https://${{ github.repository_owner }}:${{ env.GITHUB_PAT }}@github.com/${{ github.repository }}.git
-        else
-          echo "UPDATING REMOTE ORIGIN FOR PRE EXISTING REPO"
-          git config --unset http.https://github.com/.extraheader
-          git remote set-url origin https://${{ github.repository_owner }}:${{ env.GITHUB_PAT }}@github.com/${{ github.repository }}.git
+          echo "GIT REPO NOT FOUND, PLEASE USE \`actions/checkout@latest\`"
+          exit 1
         fi
+        echo "DECLARING DEFAULT BRANCH"
+        BRANCH=${{ github.event.repository.default_branch }}
         git fetch
         if ! git ls-remote --exit-code --heads origin ${{ env.TARGET_BRANCH }} >/dev/null 2>&1; then
           echo "CHECKING OUT \`$BRANCH\`"
@@ -66,6 +46,9 @@ runs:
         fi
         echo "PULLING CHANGES IF ANY"
         git pull origin ${{ env.TARGET_BRANCH }}
+        echo "SETTING GITHUB-ACTION BOT CONFIG"
+        git config user.name 'github-actions[bot]'
+        git config user.email 'github-actions[bot]@users.noreply.github.com'
         echo "MERGING PR IN \`${{ env.TARGET_BRANCH }}\`"
         git merge --no-ff origin/${{ github.event.pull_request.head.ref }} -m "Merge pull request into ${{ env.TARGET_BRANCH }}"
         echo "PUSHING CHANGES TO ${{ env.TARGET_BRANCH }}"
@@ -74,7 +57,6 @@ runs:
       if: ${{ github.event_name == 'pull_request' && ( github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' ) }}
       env:
         TARGET_BRANCH: ${{ inputs.target-branch }}
-        GITHUB_PAT: ${{ inputs.token }}
 
     - id: leave-comment
       run: |
@@ -85,9 +67,8 @@ runs:
         API_URL="https://api.github.com/repos/${{ github.repository }}/issues/${PR_NUMBER}/comments"
 
         echo "POSTING COMMENT ON PR"
-        curl -X POST -H "Authorization: Bearer ${{ env.GITHUB_PAT }}" -d "{\"body\":\"$COMMENT\"}" $API_URL
+        curl -X POST -H "Authorization: Bearer ${{ github.token }}" -d "{\"body\":\"$COMMENT\"}" $API_URL
       shell: bash
       if: ${{ steps.merge-branch.outcome == 'success' }}
       env:
         TARGET_BRANCH: ${{ inputs.target-branch }}
-        GITHUB_PAT: ${{ inputs.token }}