Switch to centralized GitHub Action Workflows (#339)

Franck Nijhof 2021-11-09 19:12:36 +01:00 committed by GitHub
parent a1d9be889f
commit 3a7923b042
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 37 additions and 656 deletions

85
.github/labels.yml vendored

@ -1,85 +0,0 @@
---
- name: "breaking-change"
color: ee0701
description: "A breaking change for existing users."
- name: "bugfix"
color: ee0701
description: "Inconsistencies or issues which will cause a problem for users or implementors."
- name: "documentation"
color: 0052cc
description: "Solely about the documentation of the project."
- name: "enhancement"
color: 1d76db
description: "Enhancement of the code, not introducing new features."
- name: "refactor"
color: 1d76db
description: "Improvement of existing code, not introducing new features."
- name: "performance"
color: 1d76db
description: "Improving performance, not introducing new features."
- name: "new-feature"
color: 0e8a16
description: "New features or options."
- name: "maintenance"
color: 2af79e
description: "Generic maintenance tasks."
- name: "ci"
color: 1d76db
description: "Work that improves the continue integration."
- name: "dependencies"
color: 1d76db
description: "Upgrade or downgrade of project dependencies."
- name: "in-progress"
color: fbca04
description: "Issue is currently being resolved by a developer."
- name: "stale"
color: fef2c0
description: "There has not been activity on this issue or PR for quite some time."
- name: "no-stale"
color: fef2c0
description: "This issue or PR is exempted from the stable bot."
- name: "security"
color: ee0701
description: "Marks a security issue that needs to be resolved asap."
- name: "incomplete"
color: fef2c0
description: "Marks a PR or issue that is missing information."
- name: "invalid"
color: fef2c0
description: "Marks a PR or issue that is missing information."
- name: "beginner-friendly"
color: 0e8a16
description: "Good first issue for people wanting to contribute to the project."
- name: "help-wanted"
color: 0e8a16
description: "We need some extra helping hands or expertise in order to resolve this."
- name: "hacktoberfest"
description: "Issues/PRs are participating in the Hacktoberfest."
color: fbca04
- name: "hacktoberfest-accepted"
description: "Issues/PRs are participating in the Hacktoberfest."
color: fbca04
- name: "priority-critical"
color: ee0701
description: "This should be dealt with ASAP. Not fixing this issue would be a serious error."
- name: "priority-high"
color: b60205
description: "After critical issues are fixed, these should be dealt with before any further issues."
- name: "priority-medium"
color: 0e8a16
description: "This issue may be useful, and needs some attention."
- name: "priority-low"
color: e4ea8a
description: "Nice addition, maybe... someday..."
- name: "major"
color: b60205
description: "This PR causes a major version bump in the version number."
- name: "minor"
color: 0e8a16
description: "This PR causes a minor version bump in the version number."


@ -1,57 +0,0 @@
---
name-template: "v$RESOLVED_VERSION"
tag-template: "v$RESOLVED_VERSION"
change-template: "- $TITLE @$AUTHOR (#$NUMBER)"
sort-direction: ascending
categories:
- title: "🚨 Breaking changes"
labels:
- "breaking-change"
- title: "✨ New features"
labels:
- "new-feature"
- title: "🐛 Bug fixes"
labels:
- "bugfix"
- title: "🚀 Enhancements"
labels:
- "enhancement"
- "refactor"
- "performance"
- title: "🧰 Maintenance"
labels:
- "maintenance"
- "ci"
- title: "📚 Documentation"
labels:
- "documentation"
- title: "⬆️ Dependency updates"
labels:
- "dependencies"
version-resolver:
major:
labels:
- "major"
- "breaking-change"
minor:
labels:
- "minor"
- "new-feature"
patch:
labels:
- "bugfix"
- "chore"
- "ci"
- "dependencies"
- "documentation"
- "enhancement"
- "performance"
- "refactor"
default: patch
template: |
## Whats changed
$CHANGES


@ -12,194 +12,7 @@ on:
workflow_dispatch:
jobs:
information:
name: Gather add-on information
runs-on: ubuntu-latest
outputs:
architectures: ${{ steps.information.outputs.architectures }}
build: ${{ steps.information.outputs.build }}
description: ${{ steps.information.outputs.description }}
name: ${{ steps.information.outputs.name }}
slug: ${{ steps.information.outputs.slug }}
target: ${{ steps.information.outputs.target }}
steps:
- name: ⤵️ Check out code from GitHub
uses: actions/checkout@v2.3.5
- name: 🚀 Run add-on information action
id: information
uses: frenck/action-addon-information@v1.2
lint-addon:
name: Lint Add-on
needs:
- information
runs-on: ubuntu-latest
steps:
- name: ⤵️ Check out code from GitHub
uses: actions/checkout@v2.3.5
- name: 🚀 Run Add-on Lint
uses: frenck/action-addon-linter@v2.4.1
with:
community: true
path: "./${{ needs.information.outputs.target }}"
lint-hadolint:
name: Hadolint
needs:
- information
runs-on: ubuntu-latest
steps:
- name: ⤵️ Check out code from GitHub
uses: actions/checkout@v2.3.5
- name: 🚀 Run Hadolint
uses: brpaz/hadolint-action@v1.5.0
with:
dockerfile: "./${{ needs.information.outputs.target }}/Dockerfile"
lint-json:
name: JSON Lint
runs-on: ubuntu-latest
steps:
- name: ⤵️ Check out code from GitHub
uses: actions/checkout@v2.3.5
- name: 🚀 Run JQ
run: |
shopt -s globstar
cat **/*.json | jq '.'
lint-markdown:
name: MarkdownLint
runs-on: ubuntu-latest
steps:
- name: ⤵️ Check out code from GitHub
uses: actions/checkout@v2.3.5
- name: 🚀 Run mdl
uses: actionshub/markdownlint@2.0.2
lint-shellcheck:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- name: ⤵️ Check out code from GitHub
uses: actions/checkout@v2.3.5
- name: 🚀 Run Shellcheck
uses: ludeeus/action-shellcheck@1.1.0
env:
SHELLCHECK_OPTS: -s bash
lint-yamllint:
name: YAMLLint
runs-on: ubuntu-latest
steps:
- name: ⤵️ Check out code from GitHub
uses: actions/checkout@v2.3.5
- name: 🚀 Run YAMLLint
uses: frenck/action-yamllint@v1.1
lint-prettier:
name: Prettier
runs-on: ubuntu-latest
steps:
- name: ⤵️ Check out code from GitHub
uses: actions/checkout@v2.3.5
- name: 🚀 Run Prettier
uses: creyD/prettier_action@v4.0
with:
prettier_options: --write **/*.{json,js,md,yaml}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build:
name: Build ${{ matrix.architecture }}
needs:
- information
- lint-addon
- lint-hadolint
- lint-json
- lint-markdown
- lint-prettier
- lint-shellcheck
- lint-yamllint
runs-on: ubuntu-latest
strategy:
matrix:
architecture: ${{ fromJson(needs.information.outputs.architectures) }}
steps:
- name: ⤵️ Check out code from GitHub
uses: actions/checkout@v2.3.5
- name: 🏗 Set up build cache
id: cache
uses: actions/cache@v2.1.6
with:
path: /tmp/.docker-cache
key: docker-${{ matrix.architecture }}-${{ github.sha }}
restore-keys: |
docker-${{ matrix.architecture }}
- name: 🏗 Set up QEMU
uses: docker/setup-qemu-action@v1.2.0
- name: 🏗 Set up Docker Buildx
uses: docker/setup-buildx-action@v1.6.0
- name: 🏗 Set up CodeNotary
run: bash <(curl https://getvcn.codenotary.com -L)
- name: Compose build flags
id: flags
run: |
echo "::set-output name=date::$(date +"%Y-%m-%dT%H:%M:%SZ")"
from=$(jq --raw-output ".build_from.${{ matrix.architecture }}" "${{ needs.information.outputs.build }}")
echo "::set-output name=from::${from}"
if [[ "${{ matrix.architecture}}" = "amd64" ]]; then
echo "::set-output name=platform::linux/amd64"
elif [[ "${{ matrix.architecture }}" = "i386" ]]; then
echo "::set-output name=platform::linux/386"
elif [[ "${{ matrix.architecture }}" = "armhf" ]]; then
echo "::set-output name=platform::linux/arm/v6"
elif [[ "${{ matrix.architecture }}" = "armv7" ]]; then
echo "::set-output name=platform::linux/arm/v7"
elif [[ "${{ matrix.architecture }}" = "aarch64" ]]; then
echo "::set-output name=platform::linux/arm64/v8"
else
echo "::error ::Could not determine platform for architecture ${{ matrix.architecture }}"
exit 1
fi
- name: ⤵️ Download base image
run: docker pull "${{ steps.flags.outputs.from }}"
- name: ✅ Verify authenticity of base image
run: |
vcn authenticate \
"docker://${{ steps.flags.outputs.from }}"
vcn authenticate \
--output json \
--signerID 0x03e406879fd89e52f38f4aab0061266d1183980a \
"docker://${{ steps.flags.outputs.from }}" \
| jq \
--exit-status \
'.verification.status == 0'
- name: 🚀 Build
uses: docker/build-push-action@v2.7.0
with:
push: false
context: ${{ needs.information.outputs.target }}
file: ${{ needs.information.outputs.target }}/Dockerfile
cache-from: |
type=local,src=/tmp/.docker-cache
ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:edge
cache-to: type=local,mode=max,dest=/tmp/.docker-cache-new
platforms: ${{ steps.flags.outputs.platform }}
build-args: |
BUILD_ARCH=${{ matrix.architecture }}
BUILD_DATE=${{ steps.flags.outputs.date }}
BUILD_DESCRIPTION=${{ needs.information.outputs.description }}
BUILD_FROM=${{ steps.flags.outputs.from }}
BUILD_NAME=${{ needs.information.outputs.name }}
BUILD_REF=${{ github.sha }}
BUILD_REPOSITORY=${{ github.repository }}
BUILD_VERSION=edge
# This ugly bit is necessary, or our cache will grow forever...
# Well until we hit GitHub's limit of 5GB :)
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: 🚚 Swap build cache
run: |
rm -rf /tmp/.docker-cache
mv /tmp/.docker-cache-new /tmp/.docker-cache
workflows:
uses: hassio-addons/workflows/.github/workflows/addon-ci.yaml@main
secrets:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
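Review bot: The new `workflows` job references the reusable workflow by branch, `hassio-addons/workflows/.github/workflows/addon-ci.yaml@main`, so whatever that branch holds at run time executes with the `GITHUB_TOKEN` passed here, whereas the removed steps each pinned an action to a version tag. Pinning to a full commit SHA or a release tag keeps the reviewed and the executed definition identical, e.g. `uses: hassio-addons/workflows/.github/workflows/addon-ci.yaml@<full-commit-sha>`. The same applies to the `@main` references in the deploy, label-sync, lock, PR-labels, release-drafter and stale workflows changed in this commit. The removed build job also verified the base image against a fixed signer ID before building; whether addon-ci.yaml keeps that check is not visible from this page and is worth confirming. The workflow's `name:` and most of its `on:` block lie outside the hunk.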


@ -13,248 +13,8 @@ on:
- completed
jobs:
information:
if: |
github.event_name == 'release'
|| (
github.event_name == 'workflow_run'
&& github.event.workflow_run.conclusion == 'success'
)
name: Gather add-on information
runs-on: ubuntu-latest
outputs:
architectures: ${{ steps.information.outputs.architectures }}
build: ${{ steps.information.outputs.build }}
description: ${{ steps.information.outputs.description }}
environment: ${{ steps.release.outputs.environment }}
name: ${{ steps.information.outputs.name }}
slug: ${{ steps.information.outputs.slug }}
target: ${{ steps.information.outputs.target }}
version: ${{ steps.release.outputs.version }}
steps:
- name: ⤵️ Check out code from GitHub
uses: actions/checkout@v2.3.5
- name: 🚀 Run add-on information action
id: information
uses: frenck/action-addon-information@v1.2
- name: Gather version and environment
id: release
run: |
sha="${{ github.sha }}"
environment="edge"
version="${sha:0:7}"
if [[ "${{ github.event_name }}" = "release" ]]; then
version="${{ github.event.release.tag_name }}"
version="${version,,}"
version="${version#v}"
environment="stable"
if [[ "${{ github.event.release.prerelease }}" = "true" ]]; then
environment="beta"
fi
fi
echo "::set-output name=environment::${environment}"
echo "::set-output name=version::${version}"
deploy:
name: 👷 Build & Deploy ${{ matrix.architecture }}
needs: information
runs-on: ubuntu-latest
strategy:
matrix:
architecture: ${{ fromJson(needs.information.outputs.architectures) }}
steps:
- name: 🔂 Wait for other runs to complete
uses: softprops/turnstyle@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: ⤵️ Check out code from GitHub
uses: actions/checkout@v2.3.5
- name: 🏗 Set up build cache
id: cache
uses: actions/cache@v2.1.6
with:
path: /tmp/.docker-cache
key: docker-${{ matrix.architecture }}-${{ github.sha }}
restore-keys: |
docker-${{ matrix.architecture }}
- name: 🏗 Set up QEMU
uses: docker/setup-qemu-action@v1.2.0
- name: 🏗 Set up Docker Buildx
uses: docker/setup-buildx-action@v1.6.0
- name: 🏗 Set up CodeNotary
run: bash <(curl https://getvcn.codenotary.com -L)
- name: Compose build flags
id: flags
run: |
echo "::set-output name=date::$(date +"%Y-%m-%dT%H:%M:%SZ")"
from=$(jq --raw-output ".build_from.${{ matrix.architecture }}" "${{ needs.information.outputs.build }}")
echo "::set-output name=from::${from}"
if [[ "${{ matrix.architecture}}" = "amd64" ]]; then
echo "::set-output name=platform::linux/amd64"
elif [[ "${{ matrix.architecture }}" = "i386" ]]; then
echo "::set-output name=platform::linux/386"
elif [[ "${{ matrix.architecture }}" = "armhf" ]]; then
echo "::set-output name=platform::linux/arm/v6"
elif [[ "${{ matrix.architecture }}" = "armv7" ]]; then
echo "::set-output name=platform::linux/arm/v7"
elif [[ "${{ matrix.architecture }}" = "aarch64" ]]; then
echo "::set-output name=platform::linux/arm64/v8"
else
echo "::error ::Could not determine platform for architecture ${{ matrix.architecture }}"
exit 1
fi
- name: 🏗 Login to GitHub Container Registry
uses: docker/login-action@v1.10.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: ⤵️ Download base image
run: docker pull "${{ steps.flags.outputs.from }}"
- name: ✅ Verify authenticity of base image
run: |
vcn authenticate \
"docker://${{ steps.flags.outputs.from }}"
vcn authenticate \
--output json \
--signerID 0x03e406879fd89e52f38f4aab0061266d1183980a \
"docker://${{ steps.flags.outputs.from }}" \
| jq \
--exit-status \
'.verification.status == 0'
- name: 🚀 Build
uses: docker/build-push-action@v2.7.0
with:
load: true
# yamllint disable rule:line-length
tags: |
ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.environment }}
ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}
# yamllint enable rule:line-length
context: ${{ needs.information.outputs.target }}
file: ${{ needs.information.outputs.target }}/Dockerfile
cache-from: |
type=local,src=/tmp/.docker-cache
ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:edge
cache-to: type=local,mode=max,dest=/tmp/.docker-cache-new
platforms: ${{ steps.flags.outputs.platform }}
build-args: |
BUILD_ARCH=${{ matrix.architecture }}
BUILD_DATE=${{ steps.flags.outputs.date }}
BUILD_DESCRIPTION=${{ needs.information.outputs.description }}
BUILD_FROM=${{ steps.flags.outputs.from }}
BUILD_NAME=${{ needs.information.outputs.name }}
BUILD_REF=${{ github.sha }}
BUILD_REPOSITORY=${{ github.repository }}
BUILD_VERSION=${{ needs.information.outputs.version }}
# This ugly bit is necessary, or our cache will grow forever...
# Well until we hit GitHub's limit of 5GB :)
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: 🚚 Swap build cache
run: |
rm -rf /tmp/.docker-cache
mv /tmp/.docker-cache-new /tmp/.docker-cache
- name: 🔏 Notarize
# yamllint disable rule:line-length
run: |
if vcn authenticate \
--output json \
"docker://ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}" \
| jq \
--exit-status \
'.verification.status != 0';
then
vcn login
vcn notarize \
--public \
"docker://ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}"
fi
env:
VCN_USER: ${{ secrets.VCN_USER }}
VCN_PASSWORD: ${{ secrets.VCN_PASSWORD }}
VCN_NOTARIZATION_PASSWORD: ${{ secrets.VCN_NOTARIZATION_PASSWORD }}
VCN_OTP_EMPTY: true
- name: 🚀 Push
# yamllint disable rule:line-length
run: |
docker push \
"ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.environment }}"
docker push \
"ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}"
publish-edge:
name: 📢 Publish to edge repository
if: needs.information.outputs.environment == 'edge'
needs:
- information
- deploy
environment:
name: ${{ needs.information.outputs.environment }}
runs-on: ubuntu-latest
steps:
- name: 🚀 Dispatch repository updater update signal
uses: peter-evans/repository-dispatch@v1.1.3
with:
token: ${{ secrets.DISPATCH_TOKEN }}
repository: hassio-addons/repository-edge
event-type: update
client-payload: >
{
"addon": "${{ needs.information.outputs.slug }}",
"name": "${{ needs.information.outputs.name }}",
"repository": "${{ github.repository }}",
"version": "${{ needs.information.outputs.version }}"
}
publish-beta:
name: 📢 Publish to beta repository
if: |
needs.information.outputs.environment == 'beta' ||
needs.information.outputs.environment == 'stable'
needs:
- information
- deploy
environment:
name: ${{ needs.information.outputs.environment }}
runs-on: ubuntu-latest
steps:
- name: 🚀 Dispatch repository updater update signal
uses: peter-evans/repository-dispatch@v1.1.3
with:
token: ${{ secrets.DISPATCH_TOKEN }}
repository: hassio-addons/repository-beta
event-type: update
client-payload: >
{
"addon": "${{ needs.information.outputs.slug }}",
"name": "${{ needs.information.outputs.name }}",
"repository": "${{ github.repository }}",
"version": "${{ github.event.release.tag_name }}"
}
publish-stable:
name: 📢 Publish to stable repository
if: needs.information.outputs.environment == 'stable'
needs:
- information
- deploy
environment:
name: ${{ needs.information.outputs.environment }}
runs-on: ubuntu-latest
steps:
- name: 🚀 Dispatch repository updater update signal
uses: peter-evans/repository-dispatch@v1.1.3
with:
token: ${{ secrets.DISPATCH_TOKEN }}
repository: hassio-addons/repository
event-type: update
client-payload: >
{
"addon": "${{ needs.information.outputs.slug }}",
"name": "${{ needs.information.outputs.name }}",
"repository": "${{ github.repository }}",
"version": "${{ github.event.release.tag_name }}"
}
workflows:
uses: hassio-addons/workflows/.github/workflows/addon-deploy.yaml@main
secrets:
DISPATCH_TOKEN: ${{ secrets.DISPATCH_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
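Review bot: The `secrets:` map on the new `workflows` job lists only `DISPATCH_TOKEN` and `GITHUB_TOKEN`, while the removed Notarize step read `VCN_USER`, `VCN_PASSWORD` and `VCN_NOTARIZATION_PASSWORD`. A called workflow sees only the secrets the caller names, so if addon-deploy.yaml still notarizes images (not visible from this page) that step would run without credentials. Either pass the three secrets, e.g. `VCN_USER: ${{ secrets.VCN_USER }}`, or state in the commit description that notarization and base-image verification were dropped on purpose. Because `DISPATCH_TOKEN` can signal the add-on repositories, this caller is also where resolving the workflow from the `main` branch rather than a fixed commit carries the most exposure.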


@ -3,20 +3,12 @@ name: Sync labels
# yamllint disable-line rule:truthy
on:
push:
branches:
- main
paths:
- .github/labels.yml
schedule:
- cron: "34 5 * * *"
workflow_dispatch:
jobs:
labels:
name: ♻️ Sync labels
runs-on: ubuntu-latest
steps:
- name: ⤵️ Check out code from GitHub
uses: actions/checkout@v2.3.5
- name: 🚀 Run Label Syncer
uses: micnncim/action-label-syncer@v1.3.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
workflows:
uses: hassio-addons/workflows/.github/workflows/labels.yaml@main
secrets:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


@ -8,14 +8,7 @@ on:
workflow_dispatch:
jobs:
lock:
name: 🔒 Lock closed issues and PRs
runs-on: ubuntu-latest
steps:
- uses: dessant/lock-threads@v3.0.0
with:
github-token: ${{ github.token }}
issue-inactive-days: "30"
issue-lock-reason: ""
pr-inactive-days: "1"
pr-lock-reason: ""
workflows:
uses: hassio-addons/workflows/.github/workflows/lock.yaml@main
secrets:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


@ -4,19 +4,14 @@ name: PR Labels
# yamllint disable-line rule:truthy
on:
pull_request_target:
types: [opened, labeled, unlabeled, synchronize]
types:
- opened
- labeled
- unlabeled
- synchronize
jobs:
pr_labels:
name: Verify
runs-on: ubuntu-latest
steps:
- name: 🏷 Verify PR has a valid label
uses: jesusvasquez333/verify-pr-label-action@v1.4.0
with:
pull-request-number: "${{ github.event.pull_request.number }}"
github-token: "${{ secrets.GITHUB_TOKEN }}"
valid-labels: >-
breaking-change, bugfix, documentation, enhancement, refactor,
performance, new-feature, maintenance, ci, dependencies
disable-reviews: true
workflows:
uses: hassio-addons/workflows/.github/workflows/pr-labels.yaml@main
secrets:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
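Review bot: This workflow triggers on `pull_request_target`, which runs in the base repository's context with its token and secrets even for pull requests from forks, and the job handling it is now defined in another repository at `@main`. The removed job only called the label-verification action and never checked out the pull request's code; that property now depends on pr-labels.yaml, which is not visible from this page. A job-level `permissions:` block on the caller caps what the called workflow's token can do, for example `permissions:` with `pull-requests: read` (widen only if pr-labels.yaml needs more). A comment above the job such as `# Must not check out or execute PR head code: runs with base-repo privileges` would record the constraint for future editors. The workflow's `name:` line sits outside the hunk.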


@ -8,11 +8,7 @@ on:
- main
jobs:
update_release_draft:
name: ✏️ Draft release
runs-on: ubuntu-latest
steps:
- name: 🚀 Run Release Drafter
uses: release-drafter/release-drafter@v5.15.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
workflows:
uses: hassio-addons/workflows/.github/workflows/release-drafter.yaml@main
secrets:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


@ -8,33 +8,7 @@ on:
workflow_dispatch:
jobs:
stale:
name: 🧹 Clean up stale issues and PRs
runs-on: ubuntu-latest
steps:
- name: 🚀 Run stale
uses: actions/stale@v4
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: 30
days-before-close: 7
remove-stale-when-updated: true
stale-issue-label: "stale"
exempt-issue-labels: "no-stale,help-wanted"
stale-issue-message: >
There hasn't been any activity on this issue recently, so we
clean up some of the older and inactive issues.
Please make sure to update to the latest version and
check if that solves the issue. Let us know if that works for you
by leaving a comment 👍
This issue has now been marked as stale and will be closed if no
further activity occurs. Thanks!
stale-pr-label: "stale"
exempt-pr-labels: "no-stale"
stale-pr-message: >
There hasn't been any activity on this pull request recently. This
pull request has been automatically marked as stale because of that
and will be closed if no further activity occurs within 7 days.
Thank you for your contributions.
workflows:
uses: hassio-addons/workflows/.github/workflows/stale.yaml@main
secrets:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}