From 8419cc7d79c0bb1dabfbd9ec49cb957740609d4d Mon Sep 17 00:00:00 2001
From: Jeremy Tuloup <jeremy.tuloup@gmail.com>
Date: Wed, 27 Mar 2024 09:45:53 +0100
Subject: [PATCH] Update releaser workflows (#1453)

* Update releaser workflows

* uncomment silent
---
 .github/workflows/prep-release.yml    | 26 ++++++++++++++++----------
 .github/workflows/publish-release.yml | 25 +++++++++++++++----------
 2 files changed, 31 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml
index 2ab42761d..7771b9496 100644
--- a/.github/workflows/prep-release.yml
+++ b/.github/workflows/prep-release.yml
@@ -1,27 +1,33 @@
-name: 'Step 1: Prep Release'
+name: "Step 1: Prep Release"
 on:
   workflow_dispatch:
     inputs:
       version_spec:
-        description: 'New Version Specifier'
-        default: 'next'
+        description: "New Version Specifier"
+        default: "next"
         required: false
       branch:
-        description: 'The branch to target'
+        description: "The branch to target"
         required: false
       post_version_spec:
-        description: 'Post Version Specifier'
+        description: "Post Version Specifier"
         required: false
+      silent:
+        description: "Set a placeholder in the changelog and don't publish the release."
+        required: false
+        type: boolean
       since:
-        description: 'Use PRs with activity since this date or git reference'
+        description: "Use PRs with activity since this date or git reference"
         required: false
       since_last_stable:
-        description: 'Use PRs with activity since the last stable git tag'
+        description: "Use PRs with activity since the last stable git tag"
         required: false
         type: boolean
 jobs:
   prep_release:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
 
@@ -29,14 +35,14 @@ jobs:
         id: prep-release
         uses: jupyter-server/jupyter_releaser/.github/actions/prep-release@v2
         with:
-          token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
           version_spec: ${{ github.event.inputs.version_spec }}
+          silent: ${{ github.event.inputs.silent }}
           post_version_spec: ${{ github.event.inputs.post_version_spec }}
-          target: ${{ github.event.inputs.target }}
           branch: ${{ github.event.inputs.branch }}
           since: ${{ github.event.inputs.since }}
           since_last_stable: ${{ github.event.inputs.since_last_stable }}
 
-      - name: '** Next Step **'
+      - name: "** Next Step **"
         run: |
           echo "Optional): Review Draft Release: ${{ steps.prep-release.outputs.release_url }}"
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index cbe77f773..c1881060d 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -1,32 +1,37 @@
-name: 'Step 2: Publish Release'
+name: "Step 2: Publish Release"
 on:
   workflow_dispatch:
     inputs:
       branch:
-        description: 'The target branch'
+        description: "The target branch"
         required: false
       release_url:
-        description: 'The URL of the draft GitHub release'
+        description: "The URL of the draft GitHub release"
         required: false
       steps_to_skip:
-        description: 'Comma separated list of steps to skip'
+        description: "Comma separated list of steps to skip"
         required: false
 
 jobs:
   publish_release:
     runs-on: ubuntu-latest
+    environment: release
     permissions:
-      # This is useful if you want to use PyPI trusted publisher
-      # and NPM provenance
       id-token: write
     steps:
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
 
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
       - name: Populate Release
         id: populate-release
         uses: jupyter-server/jupyter_releaser/.github/actions/populate-release@v2
         with:
-          token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
+          token: ${{ steps.app-token.outputs.token }}
           branch: ${{ github.event.inputs.branch }}
           release_url: ${{ github.event.inputs.release_url }}
           steps_to_skip: ${{ github.event.inputs.steps_to_skip }}
@@ -37,16 +42,16 @@ jobs:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
         uses: jupyter-server/jupyter_releaser/.github/actions/finalize-release@v2
         with:
-          token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
+          token: ${{ steps.app-token.outputs.token }}
           release_url: ${{ steps.populate-release.outputs.release_url }}
 
-      - name: '** Next Step **'
+      - name: "** Next Step **"
         if: ${{ success() }}
         run: |
           echo "Verify the final release"
           echo ${{ steps.finalize-release.outputs.release_url }}
 
-      - name: '** Failure Message **'
+      - name: "** Failure Message **"
         if: ${{ failure() }}
         run: |
           echo "Failed to Publish the Draft Release Url:"