Expensify · mountiny · Oct 2, 2023 · Oct 2, 2023
@@ -1,23 +1,11 @@
-name: "Setup Git for OSBotify"
-description: "Setup Git for OSBotify"
+name: 'Setup Git for OSBotify'
+description: 'Setup Git for OSBotify'
 
 inputs:
   GPG_PASSPHRASE:
-    description: "Passphrase used to decrypt GPG key"
-    required: true
-  OS_BOTIFY_APP_ID:
-    description: "Application ID for OS Botify"
-    required: true
-  OS_BOTIFY_PRIVATE_KEY:
-    description: "OS Botify's private key"
+    description: 'Passphrase used to decrypt GPG key'
     required: true
 
-outputs:
-  # Do not try to use this for committing code. Use `secrets.OS_BOTIFY_COMMIT_TOKEN` instead
-  OS_BOTIFY_API_TOKEN:
-    description: Token to use for GitHub API interactions.
-    value: ${{ steps.generateToken.outputs.token }}
-
 runs:
   using: composite
   steps:
@@ -41,10 +29,3 @@ runs:
       shell: bash
       if: runner.debug == '1'
       run: echo "GIT_TRACE=true" >> "$GITHUB_ENV"
-
-    - name: Generate a token
-      id: generateToken
-      uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a
-      with:
-        app_id: ${{ inputs.OS_BOTIFY_APP_ID }}
-        private_key: ${{ inputs.OS_BOTIFY_PRIVATE_KEY }}
@@ -44,14 +44,12 @@ jobs:
         uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
         with:
           GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
-          OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
-          OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
 
       - name: Get previous app version
         id: getPreviousVersion
         uses: Expensify/App/.github/actions/javascript/getPreviousVersion@main
         with:
-          SEMVER_LEVEL: "PATCH"
+          SEMVER_LEVEL: 'PATCH'
 
       - name: Fetch history of relevant refs
         run: |
@@ -121,7 +119,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
 
-      - name: "Announces a CP failure in the #announce Slack room"
+      - name: 'Announces a CP failure in the #announce Slack room'
         uses: 8398a7/action-slack@v3
         if: ${{ failure() }}
         with:

@@ -26,18 +26,12 @@ on:
       LARGE_SECRET_PASSPHRASE:
         description: Passphrase used to decrypt GPG key
         required: true
+      OS_BOTIFY_TOKEN:
+        description: Token for the OSBotify user
+        required: true
       SLACK_WEBHOOK:
         description: Webhook used to comment in slack
         required: true
-      OS_BOTIFY_COMMIT_TOKEN:
-        description: OSBotify personal access token, used to workaround committing to protected branch
-        required: true
-      OS_BOTIFY_APP_ID:
-        description: Application ID for OS Botify App
-        required: true
-      OS_BOTIFY_PRIVATE_KEY:
-        description: OSBotify private key
-        required: true
 
 jobs:
   validateActor:
@@ -49,7 +43,7 @@ jobs:
         id: getUserPermissions
         run: echo "PERMISSION=$(gh api /repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission | jq -r '.permission')" >> "$GITHUB_OUTPUT"
         env:
-          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
 
   createNewVersion:
     runs-on: macos-latest
@@ -71,23 +65,18 @@ jobs:
         uses: actions/checkout@v3
         with:
           ref: main
-          # The OS_BOTIFY_COMMIT_TOKEN is a personal access token tied to osbotify
-          # This is a workaround to allow pushes to a protected branch
-          token: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }}
+          token: ${{ secrets.OS_BOTIFY_TOKEN }}
 
       - name: Setup git for OSBotify
         uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
-        id: setupGitForOSBotify
         with:
           GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
-          OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
-          OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
 
       - name: Generate version
         id: bumpVersion
         uses: Expensify/App/.github/actions/javascript/bumpVersion@main
         with:
-          GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
           SEMVER_LEVEL: ${{ inputs.SEMVER_LEVEL }}
 
       - name: Commit new version

@@ -9,18 +9,16 @@ jobs:
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/staging'
     steps:
-      - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
-        id: setupGitForOSBotify
-        with:
-          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
-          OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
-          OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
-
       - name: Checkout staging branch
         uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
         with:
           ref: staging
-          token: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }}
+          token: ${{ secrets.OS_BOTIFY_TOKEN }}
+
+      - name: Setup git for OSBotify
+        uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
+        with:
+          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
 
       - name: Tag version
         run: git tag "$(npm run print-version --silent)"
@@ -32,19 +30,11 @@ jobs:
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/production'
     steps:
-      - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
-        id: setupGitForOSBotify
-        with:
-          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
-          OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
-          OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
-
-      - uses: actions/checkout@v3
       - name: Checkout
         uses: actions/checkout@v3
         with:
           ref: production
-          token: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }}
+          token: ${{ secrets.OS_BOTIFY_TOKEN }}
 
       - name: Setup git for OSBotify
         uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
@@ -59,7 +49,7 @@ jobs:
         uses: Expensify/App/.github/actions/javascript/getDeployPullRequestList@main
         with:
           TAG: ${{ env.PRODUCTION_VERSION }}
-          GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
           IS_PRODUCTION_DEPLOY: true
 
       - name: Generate Release Body
@@ -74,4 +64,4 @@ jobs:
           tag_name: ${{ env.PRODUCTION_VERSION }}
           body: ${{ steps.getReleaseBody.outputs.RELEASE_BODY }}
         env:
-          GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
@@ -12,13 +12,6 @@ jobs:
     outputs:
       isValid: ${{ fromJSON(steps.isDeployer.outputs.IS_DEPLOYER) && !fromJSON(steps.checkDeployBlockers.outputs.HAS_DEPLOY_BLOCKERS) }}
     steps:
-      - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
-        id: setupGitForOSBotify
-        with:
-          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
-          OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
-          OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
-
       - name: Validate actor is deployer
         id: isDeployer
         run: |
@@ -28,13 +21,13 @@ jobs:
             echo "IS_DEPLOYER=false" >> "$GITHUB_OUTPUT"
           fi
         env:
-          GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
 
       - name: Reopen and comment on issue (not a team member)
         if: ${{ !fromJSON(steps.isDeployer.outputs.IS_DEPLOYER) }}
         uses: Expensify/App/.github/actions/javascript/reopenIssueWithComment@main
         with:
-          GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
           ISSUE_NUMBER: ${{ github.event.issue.number }}
           COMMENT: |
             Sorry, only members of @Expensify/Mobile-Deployers can close deploy checklists.
@@ -45,14 +38,14 @@ jobs:
         id: checkDeployBlockers
         uses: Expensify/App/.github/actions/javascript/checkDeployBlockers@main
         with:
-          GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
           ISSUE_NUMBER: ${{ github.event.issue.number }}
 
       - name: Reopen and comment on issue (has blockers)
         if: ${{ fromJSON(steps.isDeployer.outputs.IS_DEPLOYER) && fromJSON(steps.checkDeployBlockers.outputs.HAS_DEPLOY_BLOCKERS || 'false') }}
         uses: Expensify/App/.github/actions/javascript/reopenIssueWithComment@main
         with:
-          GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
           ISSUE_NUMBER: ${{ github.event.issue.number }}
           COMMENT: |
             This issue either has unchecked items or has not yet been marked with the `:shipit:` emoji of approval.
@@ -77,12 +70,9 @@ jobs:
           token: ${{ secrets.OS_BOTIFY_TOKEN }}
 
       - name: Setup Git for OSBotify
-        id: setupGitForOSBotify
         uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
         with:
           GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
-          OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
-          OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
 
       - name: Update production branch
         run: |
@@ -122,8 +112,6 @@ jobs:
         uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
         with:
           GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
-          OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
-          OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
 
       - name: Update staging branch to trigger staging deploy
         run: |

@@ -95,8 +95,6 @@ jobs:
         uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
         with:
           GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
-          OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
-          OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
 
       - name: Update staging branch from main
         run: |