diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index eb99f16a7..d6e08827c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -103,11 +103,28 @@ jobs: id-token: write contents: write steps: + - name: Generate GitHub App Token + id: release-bot-token + # see https://github.com/actions/create-github-app-token + uses: actions/create-github-app-token@v3 + with: + # see https://github.com/organizations/CycloneDX/settings/apps/cyclonedx-internal-release-bot + app-id: 3335294 + private-key: ${{ secrets.CDX_RELEASE_BOT_PRIVATE_KEY }} + - name: Get GitHub App User ID + id: release-bot-user-id + run: | + set -xeu + echo "user-id=$(gh api "/users/${{ steps.release-bot-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ steps.release-bot-token.outputs.token }} + - name: Checkout code # see https://github.com/actions/checkout uses: actions/checkout@v6 with: fetch-depth: 0 + token: ${{ steps.release-bot-token.outputs.token }} - name: Setup python # see https://github.com/actions/setup-python @@ -134,7 +151,9 @@ jobs: # see https://github.com/python-semantic-release/python-semantic-release uses: python-semantic-release/python-semantic-release@v10.0.2 with: - github_token: ${{ secrets.GITHUB_TOKEN }} + git_committer_name: ${{ steps.release-bot-token.outputs.app-slug }}[bot] + git_committer_email: ${{ steps.release-bot-user-id.outputs.user-id }}+${{ steps.release-bot-token.outputs.app-slug }}[bot]@users.noreply.github.com + github_token: ${{ steps.release-bot-token.outputs.token }} force: ${{ github.event.inputs.release_force }} prerelease: ${{ github.event.inputs.prerelease }} prerelease_token: ${{ github.event.inputs.prerelease_token }} 
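Review bot: Passing the App token to `actions/checkout` through `token:` leaves it in the checkout's git configuration for every later step, because checkout persists credentials unless told otherwise; the setup and build steps between checkout and the release step (outside this hunk) then run with a credential that can write to the repository. If python-semantic-release can push with only its own `github_token` input, add `persist-credentials: false` under the checkout step's `with:`; if the persisted credential is required, say so in a comment. The token is also minted with everything the App installation allows, so consider narrowing it on the `Generate GitHub App Token` step with `permission-contents: write`. That step hands the App private key to an action referenced by the movable tag `@v3`, and the later release.yml hunks pass the same token to two more tag-referenced actions; pinning these to full commit SHAs would fix which code receives the credentials.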
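Review bot: `git_committer_email` is assembled from `steps.release-bot-user-id.outputs.user-id`, but the step that writes it (first release.yml hunk) uses `echo "user-id=$(gh api …)"`, and a failing command substitution inside an `echo` argument does not trip `set -e`. A failed or empty API response would therefore yield an address of the form `+<slug>[bot]@users.noreply.github.com`, and the release commit would carry an identity that GitHub probably cannot link to the App. Assign first so the failure stops the job, `user_id="$(gh api … --jq .id)"`, then `echo "user-id=${user_id}" >> "$GITHUB_OUTPUT"`. The release step itself begins above this hunk.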
@@ -151,5 +170,5 @@ jobs: # see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html#python-semantic-release-publish-action uses: python-semantic-release/publish-action@v10 with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.release-bot-token.outputs.token }} tag: ${{ steps.release.outputs.tag }} diff --git a/cyclonedx/__init__.py b/cyclonedx/__init__.py index ff9bd20b3..21ae3a1aa 100644 --- a/cyclonedx/__init__.py +++ b/cyclonedx/__init__.py @@ -22,4 +22,4 @@ # !! version is managed by semantic_release # do not use typing here, or else `semantic_release` might have issues finding the variable -__version__ = "11.7.0" # noqa:Q000 +__version__ = "11.7.0-rc.4" # noqa:Q000 diff --git a/docs/conf.py b/docs/conf.py index 31daedd81..531419289 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -23,7 +23,7 @@ # The full version, including alpha/beta/rc tags # !! version is managed by semantic_release -release = '11.7.0' +release = '11.7.0-rc.4' # -- General configuration --------------------------------------------------- diff --git a/pyproject.toml b/pyproject.toml index 52b5dfdc6..623cc250a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,7 +5,7 @@ build-backend = "poetry.core.masonry.api" [tool.poetry] name = "cyclonedx-python-lib" # !! version is managed by semantic_release -version = "11.7.0" +version = "11.7.0-rc.4" description = "Python library for CycloneDX" authors = [ "Paul Horton ", 
@@ -115,8 +115,7 @@ jsonschema = { version = "*", extras = ["format"], optional=true } logging_use_named_masks = true commit_parser = "conventional" commit_parser_options = { parse_squash_commits = true, ignore_merge_commits = true } -commit_author = "semantic-release " -commit_message = "chore(release): {version}\n\nAutomatically generated by python-semantic-release\n\nSigned-off-by: semantic-release " +commit_message = "chore(release): {version}\n\nAutomatically generated by python-semantic-release" upload_to_vcs_release = true build_command = """ pip install poetry
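Review bot: Dropping the `Signed-off-by:` trailer from `commit_message` means release commits no longer carry a DCO sign-off, and nothing in the new value replaces it. If a DCO check is enforced on the release branch (not visible here), confirm the bot is exempted or keep a trailer that names the App identity. With `commit_author` removed as well, the author now depends on what the release workflow passes in; a comment such as `# commit author is supplied by the release workflow (git_committer_name / git_committer_email)` above `commit_message` would record that for anyone running the tool locally.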