feat: integration with github-token-minter action (#33)

bradegler · verbanicm · commit b9b3aaec3280 · 2023-02-24T13:56:21.000-05:00
diff --git a/.github/workflows/update-checksums.yml b/.github/workflows/update-checksums.yml
@@ -17,7 +17,6 @@ on:
   workflow_dispatch:
   schedule:
     - cron: '0 0 */1 * *'
-
 jobs:
   update-checksums:
     permissions:
@@ -31,13 +30,23 @@ jobs:
       # Generate updates to the checksum file if there are new released versions of terraform
       - id: 'generate-updates'
         run: './.github/generate_version_checksums.sh $GITHUB_WORKSPACE/terraform-checksums.json;'
+      - id: 'mint-token'
+        uses: 'abcxyz/github-token-minter/.github/actions/mint-token@5e591a16aaa83eb0d1152b557db9fa683f2c8281'
+        with:
+          wif_provider: ${{ vars.GHTM_WIF_PROVIDER }}
+          wif_service_account: ${{ vars.GHTM_WIF_SERVICE_ACCOUNT }}
+          service_audience: ${{ vars.GHTM_SERVICE_AUDIENCE }}
+          service_url: ${{ vars.GHTM_SERVICE_URL }}
       # Create a pull request for review
       - id: 'create-pull-request'
         if: ${{ env.CHANGES }}
         uses: peter-evans/create-pull-request@b4d51739f96fca8047ad065eccef63442d8e99f7 # ratchet:peter-evans/create-pull-request@v4
         with:
+          token: ${{ steps.mint-token.outputs.token }}
           add-paths: 'terraform-checksums.json'
           commit-message: 'chore: [automated] checksum updates'
+          committer: 'abcxyz bot <abcxyz-token-minter-github-app@google.com>'
+          author: 'abcxyz bot <abcxyz-token-minter-github-app@google.com>'
           delete-branch: true
           branch: '${{ env.PR_BRANCH }}'
           title: 'chore: Terraform checksum updates for ${{ env.UPDATE_DATE }}'
