From a7eaa89ad7a740f78be1b98414f87751de972ae8 Mon Sep 17 00:00:00 2001
From: Trevor Lovell
Date: Thu, 21 Nov 2024 18:19:03 -0700
Subject: [PATCH] ci: authenticate with secret github token in release workflows

Currently, the release workflows attempt to pull github authentication from 1password. However, this workflow is only intended for use in non-public SxT workflows. Since we do not need access to private SxT information to perform these releases, using the secret github token should suffice for now.
---
 .github/workflows/preview-release.yml | 3 ++-
 .github/workflows/release.yml | 26 +++++--------------------
 2 files changed, 7 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/preview-release.yml b/.github/workflows/preview-release.yml
index 7af195e..6733fc9 100644
--- a/.github/workflows/preview-release.yml
+++ b/.github/workflows/preview-release.yml
@@ -18,6 +18,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
 with:
+ token: ${{ secrets.GH_TOKEN }}
 ref: ${{ github.head_ref }}
 # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
 persist-credentials: false
@@ -29,7 +30,7 @@ jobs:
 id: conventional-changelog
 uses: TriPSs/conventional-changelog-action@v5
 with:
- github-token: ${{ steps.app-token.outputs.token }}
+ github-token: ${{ secrets.GH_TOKEN }}
 skip-git-pull: true
 skip-version-file: true
 git-push: false
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7a06373..d251991 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
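Review bot: The checkout step in the first preview-release.yml hunk now takes `token: ${{ secrets.GH_TOKEN }}` while still checking out `ref: ${{ github.head_ref }}`, and repository secrets are not passed to runs triggered by `pull_request` from a fork, so the input would be empty for those runs. The `on:` trigger lies outside the hunk, so this may not apply. If fork pull requests are in scope, this read-only checkout could keep the default token by dropping the added line, or fall back with `token: ${{ secrets.GH_TOKEN || github.token }}`. If the trigger turns out to be `pull_request_target`, the job would hold the secret while working on head-branch content, which is worth ruling out before merging.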
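Review bot: `TriPSs/conventional-changelog-action@v5` in the second preview-release.yml hunk is referenced by a movable tag and now receives the stored `GH_TOKEN` secret, so whatever code that tag points to at run time sees the credential. The same holds in release.yml for the changelog step and for `ad-m/github-push-action@master`, which tracks a branch rather than a release. Pinning each third-party action to a reviewed commit, e.g. `uses: TriPSs/conventional-changelog-action@<full-commit-sha> # v5`, keeps the code that handles the token fixed until an update is looked at. Since this preview step sets `git-push: false`, it may also be worth checking whether the default `github.token` is sufficient here.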
@@ -11,27 +11,11 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - name: Load Secrets
- uses: 1password/load-secrets-action@v1
- with:
- export-env: true
- env:
- OP_CONNECT_HOST: ${{ secrets.OP_CONNECT_HOST }}
- OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
- GITHUB_APP_ID: op://op-github-devops/cosmic-agent-labs/app-id
- GITHUB_PRIVATE_KEY: op://op-github-devops/cosmic-agent-labs/private-key
-
- - name: Create GitHub App Token
- id: app-token
- uses: actions/create-github-app-token@v1
- with:
- app-id: ${{ env.GITHUB_APP_ID }}
- private-key: ${{ env.GITHUB_PRIVATE_KEY }}
 - name: Checkout
 uses: actions/checkout@v4
 with:
- token: ${{ steps.app-token.outputs.token }}
+ token: ${{ secrets.GH_TOKEN }}
 ref: ${{ github.head_ref }}
 # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
 persist-credentials: false
@@ -43,7 +27,7 @@ jobs:
 id: conventional-changelog
 uses: TriPSs/conventional-changelog-action@v5
 with:
- github-token: ${{ steps.app-token.outputs.token }}
+ github-token: ${{ secrets.GH_TOKEN }}
 skip-git-pull: true
 skip-version-file: true
 git-push: false
@@ -53,7 +37,7 @@ jobs:
 uses: ad-m/github-push-action@master
 id: push
 with:
- github_token: ${{ steps.app-token.outputs.token }}
+ github_token: ${{ secrets.GH_TOKEN }}
 branch: ${{ github.ref }}
 - name: Create Release
@@ -61,5 +45,5 @@ jobs:
 with:
 tag: ${{ steps.conventional-changelog.outputs.tag }}
 body: ${{ steps.conventional-changelog.outputs.changelog }}
- token: ${{ steps.app-token.outputs.token }}
- makeLatest: true
\ No newline at end of file
+ token: ${{ secrets.GH_TOKEN }}
+ makeLatest: true
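Review bot: The first hunk of release.yml drops the per-run GitHub App installation token and passes `secrets.GH_TOKEN` to checkout instead, and nothing in the patch records what kind of credential that secret is, what it can reach, or when it expires. If it is a personal access token, a fine-grained one restricted to this repository with contents write access would keep its reach close to what the release steps need. A comment above the step would document that, for example `# GH_TOKEN: fine-grained PAT, contents:write on this repo only; owner and rotation date in <runbook>`. The commit message calls it the "secret github token", which reads like the built-in `GITHUB_TOKEN`; the two are different credentials, and the retained `persist-credentials: false` comment also still names GITHUB_TOKEN.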