@@ -2,6 +2,11 @@ name: Automated kernel build and test (x86_64)
22
33on :
44 workflow_call :
5+ secrets :
6+ APP_ID :
7+ required : true
8+ APP_PRIVATE_KEY :
9+ required : true
510
611permissions :
712 contents : read
1621 if : " !contains(github.event.head_commit.message, '[skip ci]') && !contains(github.event.head_commit.message, '[ci skip]')"
1722
1823 steps :
24+ - name : Generate GitHub App token
25+ id : generate_token
26+ uses : actions/create-github-app-token@v1
27+ with :
28+ app-id : ${{ secrets.APP_ID }}
29+ private-key : ${{ secrets.APP_PRIVATE_KEY }}
30+ repositories : |
31+ kernel-container-build
32+
1933name : Checkout kernel source
2034 uses : actions/checkout@v4
2135 with :
2842 repository : ctrliq/kernel-container-build
2943 ref : automated-testing-v1
3044 path : kernel-container-build
31- token : ${{ secrets.PRIVATE_REPO_ACCESS_TOKEN }}
45+ token : ${{ steps.generate_token.outputs.token }}
3246
3347 # Host deps + KVM / FUSE validation
3448 - name : Install host dependencies & verify KVM/FUSE
@@ -92,13 +106,22 @@ jobs:
92106 needs : build
93107
94108 steps :
109+ - name : Generate GitHub App token
110+ id : generate_token
111+ uses : actions/create-github-app-token@v1
112+ with :
113+ app-id : ${{ secrets.APP_ID }}
114+ private-key : ${{ secrets.APP_PRIVATE_KEY }}
115+ repositories : |
116+ kernel-container-build
117+
95118name : Checkout kernel-container-build (test branch)
96119 uses : actions/checkout@v4
97120 with :
98121 repository : ctrliq/kernel-container-build
99122 ref : automated-testing-v1
100123 path : kernel-container-build
101- token : ${{ secrets.PRIVATE_REPO_ACCESS_TOKEN }}
124+ token : ${{ steps.generate_token.outputs.token }}
102125
103126 - name : Install host dependencies
104127 run : |
@@ -146,13 +169,22 @@ jobs:
146169 needs : boot
147170
148171 steps :
172+ - name : Generate GitHub App token
173+ id : generate_token
174+ uses : actions/create-github-app-token@v1
175+ with :
176+ app-id : ${{ secrets.APP_ID }}
177+ private-key : ${{ secrets.APP_PRIVATE_KEY }}
178+ repositories : |
179+ kernel-container-build
180+
149181name : Checkout kernel-container-build (test branch)
150182 uses : actions/checkout@v4
151183 with :
152184 repository : ctrliq/kernel-container-build
153185 ref : automated-testing-v1
154186 path : kernel-container-build
155- token : ${{ secrets.PRIVATE_REPO_ACCESS_TOKEN }}
187+ token : ${{ steps.generate_token.outputs.token }}
156188
157189 - name : Install host dependencies
158190 run : |
@@ -226,10 +258,20 @@ jobs:
226258 sudo apt-get install -y gh
227259 fi
228260
261+ name : Generate GitHub App token for comparison
262+ id : generate_token_compare
263+ uses : actions/create-github-app-token@v1
264+ with :
265+ app-id : ${{ secrets.APP_ID }}
266+ private-key : ${{ secrets.APP_PRIVATE_KEY }}
267+ repositories : |
268+ kernel-src-tree
269+ kernel-container-build
270+
229271name : Determine base branch for comparison
230272 id : base_branch
231273 env :
232- GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
274+ GH_TOKEN : ${{ steps.generate_token_compare.outputs.token }}
233275 run : |
234276 BASE_BRANCH=""
235277 BRANCH_NAME="${{ github.ref_name }}"
@@ -487,9 +529,19 @@ jobs:
487529 git checkout origin/main -- .github/scripts/create-pr-body.sh
488530 chmod +x .github/scripts/create-pr-body.sh
489531
532+ name : Generate GitHub App token
533+ id : generate_token
534+ uses : actions/create-github-app-token@v1
535+ with :
536+ app-id : ${{ secrets.APP_ID }}
537+ private-key : ${{ secrets.APP_PRIVATE_KEY }}
538+ repositories : |
539+ kernel-src-tree
540+ kernel-container-build
541+
490542name : Create Pull Request
491543 env :
492- GH_TOKEN : ${{ secrets.PRIVATE_REPO_ACCESS_TOKEN }}
544+ GH_TOKEN : ${{ steps.generate_token.outputs.token }}
493545 run : |
494546 # Reuse base branch from compare-results stage (already computed)
495547 BASE_BRANCH="${{ needs.compare-results.outputs.base_branch }}"
0 commit comments