Standardize GitHub App Bot Authentication Across Workflows (#3582)

# Description of Changes Please provide a summary of the changes, including: - **What was changed** - Removed individual `actions/create-github-app-token` steps and replaced them with a centralized `setup-bot` custom action across all workflows. - Updated steps to use `steps.setup-bot.outputs` instead of `steps.generate-token.outputs`. - Standardized step names and ordering (e.g. checkout before bot setup). - Simplified `sync_files.yml` by eliminating the `read_bot_entries` job and directly using `setup-bot` outputs. - Added or adjusted permissions where required (e.g. `repository-projects: write` in `licenses-update.yml`). - **Why the change was made** - To centralize and standardize GitHub App authentication logic, reduce duplication, and improve maintainability of CI workflows. - To ensure a consistent bot identity (app slug, token, committer/author) across all actions and PR automation. - To streamline workflow configurations and make future updates easier. --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details.
2026-02-17 13:52:14 +01:00 · 2025-05-27 13:36:41 +02:00
parent 055c642136
commit be1a9cc8da
5 changed files with 91 additions and 108 deletions
--- a/.github/workflows/sync_files.yml
+++ b/.github/workflows/sync_files.yml
@@ -16,44 +16,7 @@ permissions:
  contents: read

 jobs:
-  read_bot_entries:
-    runs-on: ubuntu-latest
-    outputs:
-      userName: ${{ steps.get-user-id.outputs.user_name }}
-      userEmail: ${{ steps.get-user-id.outputs.user_email }}
-      committer: ${{ steps.committer.outputs.committer }}
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
-        with:
-          egress-policy: audit
-
-      - name: Generate GitHub App Token
-        id: generate-token
-        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
-        with:
-          app-id: ${{ secrets.GH_APP_ID }}
-          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
-
-      - name: Get GitHub App User ID
-        id: get-user-id
-        run: |
-          USER_NAME="${{ steps.generate-token.outputs.app-slug }}[bot]"
-          USER_ID=$(gh api "/users/$USER_NAME" --jq .id)
-          USER_EMAIL="$USER_ID+$USER_NAME@users.noreply.github.com"
-          echo "user_name=$USER_NAME" >> "$GITHUB_OUTPUT"
-          echo "user_email=$USER_EMAIL" >> "$GITHUB_OUTPUT"
-          echo "user-id=$USER_ID" >> "$GITHUB_OUTPUT"
-        env:
-          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
-
-      - id: committer
-        run: |
-          COMMITTER="${{ steps.get-user-id.outputs.user_name }} <${{ steps.get-user-id.outputs.user_email }}>"
-          echo "committer=$COMMITTER" >> "$GITHUB_OUTPUT"
-
  sync-files:
-    needs: ["read_bot_entries"]
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
@@ -61,34 +24,29 @@ jobs:
        with:
          egress-policy: audit

-      - name: Generate GitHub App Token
-        id: generate-token
-        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup GitHub App Bot
+        id: setup-bot
+        uses: ./.github/actions/setup-bot
        with:
          app-id: ${{ vars.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
      - name: Set up Python
        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.12"
-          cache: 'pip' # caching pip dependencies
+          cache: "pip" # caching pip dependencies

      - name: Sync translation property files
        run: |
          python .github/scripts/check_language_properties.py --reference-file "src/main/resources/messages_en_GB.properties" --branch main

-      - name: Set up git config
-        run: |
-          git config --global user.name ${{ needs.read_bot_entries.outputs.userName }}
-          git config --global user.email ${{ needs.read_bot_entries.outputs.userEmail }}
-
-      - name: Run git add
+      - name: Commit translation files
        run: |
          git add src/main/resources/messages_*.properties
-          git diff --staged --quiet || git commit -m ":memo: Sync translation files" || echo "no changes"
+          git diff --staged --quiet || git commit -m ":memo: Sync translation files" || echo "No changes detected"

      - name: Install dependencies
        run: pip install --require-hashes -r ./.github/scripts/requirements_sync_readme.txt
@@ -100,15 +58,16 @@ jobs:
      - name: Run git add
        run: |
          git add README.md
-          git diff --staged --quiet || git commit -m ":memo: Sync README.md" || echo "no changes"
+          git diff --staged --quiet || git commit -m ":memo: Sync README.md" || echo "No changes detected"

      - name: Create Pull Request
+        if: always()
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
-          token: ${{ steps.generate-token.outputs.token }}
+          token: ${{ steps.setup-bot.outputs.token }}
          commit-message: Update files
-          committer: ${{ needs.read_bot_entries.outputs.committer }}
-          author: ${{ needs.read_bot_entries.outputs.committer }}
+          committer: ${{ steps.setup-bot.outputs.committer }}
+          author: ${{ steps.setup-bot.outputs.committer }}
          signoff: true
          branch: sync_readme
          title: ":globe_with_meridians: Sync Translations + Update README Progress Table"