chore: Workflow maintenance (#344)

nagyesta · web-flow · commit 0fd05dea3749 · 2025-12-08T23:36:28.000+01:00
- Use auto-generated GitHub tokens in all workflows

Signed-off-by: Esta Nagy &lt;nagyesta@gmail.com&gt;
diff --git a/.github/workflows/gradle-ci.yml b/.github/workflows/gradle-ci.yml
@@ -1,10 +1,3 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
-
 name: Gradle CI
 
 on:
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
@@ -1,10 +1,3 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
-
 name: Gradle
 
 on:
@@ -20,15 +13,19 @@ permissions:
 
 jobs:
   build:
+    name: Build
     runs-on: ubuntu-latest
     permissions:
       contents: write
+      packages: write
+    outputs:
+      tag_name: ${{ steps.read-tag-name.outputs.RELEASE_TAG_NAME }}
     steps:
+      # Set up the build environment
       - name: Checkout
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
-          token: ${{ secrets.PUBLISH_KEY }}
       - name: Set up JDK 25
         uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
         with:
@@ -43,29 +40,43 @@ jobs:
       - name: Setup Gradle
         uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
       - name: Build with Gradle
-        run: ./gradlew clean buildDocker
+        run: ./gradlew clean printVersion buildDocker
       - name: Docker Login
         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Tag and publish using Gradle
-        env:
-          ORG_GRADLE_PROJECT_githubUser: ${{ secrets.PUBLISH_USER_NAME }}
-          ORG_GRADLE_PROJECT_githubToken: ${{ secrets.PUBLISH_KEY }}
-        run: ./gradlew tagVersion buildDockerPush
       - name: Read tag name
         id: read-tag-name
         run: |
           echo "RELEASE_TAG_NAME=$(cat ./build/version)" >> "$GITHUB_OUTPUT"
-      - name: Generate release
+      - name: Tag version
+        run: |
+          git config --global user.name 'Esta Nagy'
+          git config --global user.email 'nagyesta@gmail.com'
+          git tag ${{ steps.read-tag-name.outputs.RELEASE_TAG_NAME }}
+          git push origin ${{ steps.read-tag-name.outputs.RELEASE_TAG_NAME }}
+      - name: Publish with Gradle
+        run: ./gradlew buildDockerPush
+
+  create-release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: write
+    steps:
+      - name: Create release
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        env:
+          TAG_NAME: ${{needs.build.outputs.tag_name }}
         with:
           script: |
             github.rest.repos.createRelease({
               owner: context.repo.owner,
               repo: context.repo.repo,
-              tag_name: "${{ steps.read-tag-name.outputs.RELEASE_TAG_NAME }}",
+              tag_name: "${{ env.TAG_NAME }}",
               generate_release_notes: true,
               draft: false
             });
+
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
@@ -5,13 +5,15 @@ permissions: read-all
 
 jobs:
   pr-labeler:
+    name: Label PR
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     steps:
       - name: Checkout
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
-          token: ${{ secrets.PUBLISH_KEY }}
       - name: Get branch name
         id: get-branch-name
         env:
@@ -26,10 +28,12 @@ jobs:
       - name: Convert to label
         id: convert-to-label
         run: |
-          if [[ "${{ steps.get-branch-name.outputs.BRANCH_NAME }}" == feature/* ]]; then
+          if [[ "${{ steps.get-branch-name.outputs.BRANCH_NAME }}" == feat/* ]]; then
             echo "LABEL_NAME=enhancement" >> $GITHUB_OUTPUT
-          elif [[ "${{ steps.get-branch-name.outputs.BRANCH_NAME }}" == feat/* ]]; then
+          elif [[ "${{ steps.get-branch-name.outputs.BRANCH_NAME }}" == feature/* ]]; then
             echo "LABEL_NAME=enhancement" >> $GITHUB_OUTPUT
+          elif [[ "${{ steps.get-branch-name.outputs.BRANCH_NAME }}" == fix/* ]]; then
+            echo "LABEL_NAME=bug" >> $GITHUB_OUTPUT
           elif [[ "${{ steps.get-branch-name.outputs.BRANCH_NAME }}" == bugfix/* ]]; then
             echo "LABEL_NAME=bug" >> $GITHUB_OUTPUT
           elif [[ "${{ steps.get-branch-name.outputs.BRANCH_NAME }}" == bug/* ]]; then
@@ -52,7 +56,6 @@ jobs:
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         if: ${{ steps.convert-to-label.outputs.LABEL_NAME != 'none' }}
         with:
-          github-token: ${{ secrets.PUBLISH_KEY }}
           script: |
             github.rest.issues.addLabels({
               issue_number: ${{ github.event.pull_request.number }},
