ci: use GITHUB_TOKEN when app config missing (#7374)

Allow testing workflows more on forks when app configuration missing. Signed-off-by: Austin Horstman <khaneliman12@gmail.com>
2026-01-11 17:39:37 +08:00 · 2025-07-02 12:17:42 -05:00
parent a7820832c6
commit 9347c61bc0
3 changed files with 16 additions and 14 deletions
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -1,13 +1,11 @@
 # Based on
 # https://github.com/NixOS/nixpkgs/blob/2566f9dc/.github/workflows/backport.yml
 name: Backport
-
 on:
  pull_request_target:
    types:
      - closed
      - labeled
-
 jobs:
  backport:
    name: Backport Pull Request
@@ -23,21 +21,20 @@ jobs:
    steps:
      - name: Create GitHub App token
        uses: actions/create-github-app-token@v2
+        if: vars.CI_APP_ID
        id: app-token
        with:
          app-id: ${{ vars.CI_APP_ID }}
          private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
-
      - uses: actions/checkout@v4
        with:
-          token: ${{ steps.app-token.outputs.token }}
+          token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
          ref: ${{ github.event.pull_request.head.sha }}
-
      - name: Create backport PRs
        id: backport
        uses: korthout/backport-action@v3
        with:
          # See https://github.com/korthout/backport-action#inputs
-          github_token: ${{ steps.app-token.outputs.token }}
+          github_token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
          branch_name: backport/${target_branch}/${pull_number}
          copy_labels_pattern: .*
--- a/.github/workflows/update-flake.yml
+++ b/.github/workflows/update-flake.yml
@@ -14,14 +14,16 @@ jobs:
    steps:
      - name: Create GitHub App token
        uses: actions/create-github-app-token@v2
+        if: vars.CI_APP_ID
        id: app-token
        with:
          app-id: ${{ vars.CI_APP_ID }}
          private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
      - name: Get GitHub App user info
+        if: vars.CI_APP_ID
        id: user-info
        env:
-          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token}}
          slug: ${{ steps.app-token.outputs.app-slug }}
        run: |
          name="$slug[bot]"
@@ -35,16 +37,17 @@ jobs:
        uses: actions/checkout@v4
        with:
          ref: ${{ matrix.branch }}
+          token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
      - name: Install Nix
        uses: cachix/install-nix-action@v31
      - name: Update flake.lock
        uses: DeterminateSystems/update-flake-lock@v25
        with:
-          token: ${{ steps.app-token.outputs.token }}
-          git-committer-name: ${{ steps.user-info.outputs.name }}
-          git-committer-email: ${{ steps.user-info.outputs.email }}
-          git-author-name: ${{ steps.user-info.outputs.name }}
-          git-author-email: ${{ steps.user-info.outputs.email }}
+          token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
+          git-committer-name: ${{ steps.user-info.outputs.name || 'github-actions[bot]' }}
+          git-committer-email: ${{ steps.user-info.outputs.email || '41898282+github-actions[bot]@users.noreply.github.com' }}
+          git-author-name: ${{ steps.user-info.outputs.name || 'github-actions[bot]' }}
+          git-author-email: ${{ steps.user-info.outputs.email || '41898282+github-actions[bot]@users.noreply.github.com' }}
          pr-labels: dependencies
          pr-title: "[${{ matrix.branch }}] flake.lock: Update"
          pr-body: |
--- a/.github/workflows/update-maintainers.yml
+++ b/.github/workflows/update-maintainers.yml
@@ -17,12 +17,14 @@ jobs:
    steps:
      - name: Create GitHub App token
        uses: actions/create-github-app-token@v2
+        if: vars.CI_APP_ID
        id: app-token
        with:
          app-id: ${{ vars.CI_APP_ID }}
          private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
      - name: Get GitHub App user info
        id: user-info
+        if: vars.CI_APP_ID
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          slug: ${{ steps.app-token.outputs.app-slug }}
@@ -37,7 +39,7 @@ jobs:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
-          token: ${{ steps.app-token.outputs.token }}
+          token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
      - name: Get Nixpkgs revision from flake.lock
        id: get-nixpkgs
        run: |
@@ -81,7 +83,7 @@ jobs:
      - name: Create Pull Request
        if: steps.check-changes.outputs.has_changes == 'true' || github.event.inputs.create_pr == 'true'
        env:
-          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
          title: "maintainers: update all-maintainers.nix"
          commit_body: |
            Automated update of the master maintainers list combining: