Configure ako-releaser bot to sign commits (#2270)

Author: helderjs

.github/workflows/devbox-update.yml

@@ -12,12 +12,18 @@ jobs:
     steps:
     - name: Checkout Repository
       uses: actions/checkout@v4
-      
+    - name: Generate GitHub App Token
+      id: generate_token
+      uses: actions/create-github-app-token@v1
+      with:
+        app-id: ${{ secrets.AKO_RELEASER_APP_ID }}
+        private-key: ${{ secrets.AKO_RELEASER_RSA_KEY }}
+        owner: ${{ github.repository_owner }}
+        repositories: mongodb-atlas-kubernetes
     - name: Install devbox
       uses: jetify-com/[email protected]
       with:
         enable-cache: 'true'
-    
     - name: Update Devbox
       run: |
         devbox update
@@ -32,20 +38,18 @@ jobs:
           echo "Changes detected."
           echo "CHANGES=true" >> $GITHUB_OUTPUT
         fi
-
     - name: Generate Branch Name
       id: generate_branch
       if: steps.check_changes.outputs.CHANGES == 'true'
       run: |
         RANDOM_NUM=$((RANDOM % 10000))  # Generate a random number between 0 and 9999
         BRANCH_NAME="devbox-update-$(date +'%Y-%m-%d')-$RANDOM_NUM"
         echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_OUTPUT  # Export branch name
-
     - name: Commit and Push Changes
       if: steps.check_changes.outputs.CHANGES == 'true'
       run: |
-        git config --local user.email "akobot@ako-team-fake.mongodb.com"
-        git config --local user.name "AKOBot"
+        git config user.name "ako-releaser"
+        git config user.email "285350+your-app[bot]@users.noreply.github.com"
         git checkout -b ${{ steps.generate_branch.outputs.BRANCH_NAME }}  # New branch
         git add .
         git commit -m "Weekly devbox dependencies update"

.github/workflows/sync-helm-charts.yaml

@@ -99,8 +99,8 @@ jobs:
             COMMIT_MSG="[autogenerated] update AKO helm-charts ${jobname} by @${{ github.event.pull_request.user.login }}"
             echo "Changes detected. Creating PR"
 
-            git config --local user.email "akobot@ako-team-fake.mongodb.com"
-            git config --local user.name "ako-releaser"
+            git config user.name "ako-releaser"
+            git config user.email "285350+your-app[bot]@users.noreply.github.com"
 
             git checkout -b "${BRANCH_NAME}"
             git add .

.github/workflows/update-helm.yaml

@@ -81,8 +81,8 @@ jobs:
             COMMIT_MSG="[autogenerated] update CRDs and RBAC ${jobname}"
             echo "Changes detected. Creating PR"
 
-            git config --local user.email "akobot@ako-team-fake.mongodb.com"
-            git config --local user.name "ako-releaser"
+            git config user.name "ako-releaser"
+            git config user.email "285350+your-app[bot]@users.noreply.github.com"
 
             git checkout -b "${BRANCH_NAME}"
             git add .

.github/workflows/update-licenses.yml

@@ -26,25 +26,32 @@ jobs:
       JWT_APP_ID: ${{ secrets.AKO_RELEASER_APP_ID }}
       JWT_RSA_PEM_KEY_BASE64: ${{ secrets.AKO_RELEASER_RSA_KEY_BASE64 }}
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout AKO repo
+        uses: actions/checkout@v4
         with:
           ref: ${{ env.BRANCH }}
+      - name: Generate GitHub App Token
+        id: generate_token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.AKO_RELEASER_APP_ID }}
+          private-key: ${{ secrets.AKO_RELEASER_RSA_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: mongodb-atlas-kubernetes
       - name: Install devbox
         uses: jetify-com/[email protected]
         with:
           enable-cache: 'true'
-      
       - name: Recompute licenses
         run: devbox run -- 'make recompute-licenses'
-
       - name: Commit as needed
+        env:
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
         run: |
-          make tools/makejwt/makejwt
-          export GITHUB_TOKEN=$(make github-token)
           if [[ $(git diff --stat) != '' ]]; then
             echo 'Committing changes'
-            git config user.email "akobot@ako-team-fake.mongodb.com"
-            git config user.name "AKOBot"
+            git config user.name "ako-releaser"
+            git config user.email "285350+your-app[bot]@users.noreply.github.com"
             git add .
             git commit -m "Fix licenses after dependabot changes" -m "[dependabot skip]"
             git push