From d0a42a2698f2ba21e7ab2dec750c5dbadeda0db5 Mon Sep 17 00:00:00 2001
From: Juro Oravec <juraj.oravec.josefson@gmail.com>
Date: Thu, 20 Mar 2025 21:26:54 +0100
Subject: [PATCH] refactor: use github app instead of pushing benchmarks via PR
 (#1052)

* refactor: use github app instead of pushing benchmarks via PR

* refactor: update github app bot git email
---
 .github/workflows/docs.yml | 69 +++++++++++++++++++-------------------
 1 file changed, 34 insertions(+), 35 deletions(-)

diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 48112974..bcaf4186 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -18,7 +18,6 @@ jobs:
       contents: write  # to let mkdocs write the new docs
       pages: write     # to deploy to Pages
       id-token: write  # to verify the deployment originates from an appropriate source
-      pull-requests: write  # to merge to master via PR
     runs-on: ubuntu-latest
     # Only run in original repo (not in forks)
     if: github.repository == 'django-components/django-components'
@@ -28,29 +27,38 @@ jobs:
       # SETUP
       ##############################
 
+      # Authenticate with git with the Github App that has permission
+      # to push to master, in order to push benchmark results.
+      # See https://stackoverflow.com/a/79142962/9788634
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.RELEASE_BOT_APP_ID }}
+          private-key: ${{ secrets.RELEASE_BOT_APP_PRIVATE_KEY }}
+
       - name: Checkout
         uses: actions/checkout@v4
         with:
+          token: ${{ steps.app-token.outputs.token }}
           fetch-depth: 0
 
+      - name: Configure git account
+        run: |
+          git config user.name components-release-bot
+          git config user.email "components-release-bot@users.noreply.github.com"
+
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
           python-version: "3.13"
           cache: 'pip'
 
-      - name: Install Hatch
+      - name: Install dependencies
         run: |
             python -m pip install --upgrade pip wheel
             python -m pip install -q hatch pre-commit asv
             hatch --version
 
-      - name: Configure git
-        run: |
-          # required for "mike deploy" command below which pushes to gh-pages
-          git config user.name github-actions
-          git config user.email github-actions@github.com
-
       ###########################################
       # RECORD BENCHMARK - ONLY ON PUSH TO MASTER
       ###########################################
@@ -121,43 +129,34 @@ jobs:
           asv publish
           echo "Benchmarks site DONE."
 
-          # Stage and commit benchmark results
-          # 1. Create a new branch and commit benchmark results
+          # Commit benchmark results
           echo "Staging and committing benchmark results..."
-          # Add timestamp to make branch name unique
-          TIMESTAMP=$(date +%Y%m%d%H%M%S)
-          BRANCH_NAME="benchmark-${TAG}-${TIMESTAMP}"
-          git checkout -b "${BRANCH_NAME}"
           git add .asv/results/
           git add docs/benchmarks/
           git commit -m "Add benchmark results for ${TAG}"
           echo "Benchmark results committed."
 
-          # 2. Push to the new branch
-          echo "Pushing benchmark results to new branch..."
-          git push -u origin "${BRANCH_NAME}"
-
-          # 3. Create a PR
-          PR_URL="$(gh pr create --title "chore: Add benchmark results for ${TAG}" --body "Add benchmark results for ${TAG}" --base master)"
-          echo "PR URL: ${PR_URL}"
-
-          # 4. Wait for the PR status checks to pass
-          gh pr checks "${PR_URL}" --watch
-
-          # 5. Merge the PR and delete the branch
-          gh pr merge "${PR_URL}" --admin --squash --delete-branch
+          # Push to the new branch
+          echo "Pushing benchmark results..."
+          git push origin master
           echo "Benchmark results pushed to master."
 
-          # 6. Go back to the original branch
-          git checkout master
-          git pull origin master
+      ###########################################
+      # BUILD & RELEASE DOCS
+      ###########################################
 
-      ##############################
-      # BUILD & DEPLOY DOCS
-      ##############################
+      # Change git authentication to Github Actions, so the rest of the
+      # workflow will have lower privileges.
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
-      - name: Create Virtual Environment
-        run: hatch env create docs
+      - name: Configure git
+        run: |
+          # required for "mike deploy" command below which pushes to gh-pages
+          git config user.name github-actions
+          git config user.email github-actions@github.com
 
       # Conditions make sure to select the right step, depending on the job trigger.
       # Only one of the steps below will run at a time. The others will be skipped.