Commit Graph

4 Commits

Author SHA1 Message Date
Carlos Alexandro Becker d3934597ca ci: fix job
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-06-27 14:48:55 -03:00
Carlos Alexandro Becker ee731b1700 chore: workflow dispatch
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-06-27 14:04:48 -03:00
Carlos Alexandro Becker a4f614e65e ci: use a GitHub App token to rebuild dist on dependabot PRs (#569)
* ci: use a GitHub App token to rebuild dist on dependabot PRs

Replaces GH_PAT (a broad org PAT) with a GitHub App token for pushing the
rebuilt dist/ back to Dependabot PR branches. An App token is scoped to
this repo with minimal permissions and is short-lived, so it is much safer
to expose on the (semi-trusted) Dependabot PR build than a wide PAT.

The job stays a no-op until the DIST_REBUILD_APP_ID and
DIST_REBUILD_APP_PRIVATE_KEY Dependabot secrets are configured.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

* ci: use GORELEASER_APP_ID/GORELEASER_APP_KEY for dist rebuild

Use the existing GoReleaser GitHub App secrets instead of dedicated
DIST_REBUILD_* ones.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-27 10:26:46 -03:00
Carlos Alexandro Becker d2d17a6c5d ci: auto-rebuild dist on dependabot PRs (#568)
Adds a workflow that, on Dependabot PRs, rebuilds the ncc-bundled dist/
and pushes it back onto the PR branch, so a dependency bump and its
matching dist/ land in a single PR and the validate workflow stays green.

Pushing the dist commit uses GH_PAT (the default GITHUB_TOKEN is read-only
on Dependabot runs and its pushes do not re-trigger checks). The job is a
no-op until GH_PAT is available as a Dependabot secret.

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-24 11:40:21 -03:00