Update GitHub workflows with App token

EC2 Default User · EC2 Default User · commit 138a3b6bca6d · 2025-09-19T19:12:16.000Z
diff --git a/.github/workflows/mysql-version-check.yml b/.github/workflows/mysql-version-check.yml
@@ -1,19 +1,21 @@
 name: Block MySQL 5.x Usage
-
 on:
   pull_request:
     branches:
       - develop
-
 jobs:
   mysql-check:
     runs-on:
       labels: self-hosted
-
     steps:
+      - name: Create GitHub App token
+        id: github-app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.InsiderActionsApplication_APP_ID }}
+          private-key: ${{ secrets.InsiderActionsApplication_PRIVATE_KEY }}
       - name: Checkout code
         uses: actions/checkout@v4
-
       - name: Check for MySQL 5.x
         run: |
           echo "Scanning for MySQL 5.x usage..."
@@ -30,4 +32,4 @@ jobs:
             exit 1
           else
             echo "No MySQL 5.x usage found."
-          fi
+          fi
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml
@@ -1,54 +1,52 @@
-name: 'Create README.md file'
+name: Create README.md file
 on:
   push:
     branches:
       - master
-
 jobs:
   readme-create:
-    name: 'readme-create'
+    name: readme-create
     runs-on: ubuntu-latest
     steps:
-      - name: 'Checkout'
+      - name: Create GitHub App token
+        id: github-app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.InsiderActionsApplication_APP_ID }}
+          private-key: ${{ secrets.InsiderActionsApplication_PRIVATE_KEY }}
+      - name: Checkout
         uses: actions/checkout@v2.3.4
-
-      - name: 'Set up Python 3.7'
+      - name: Set up Python 3.7
         uses: actions/setup-python@v2
         with:
-          python-version: '3.x'
-
-      - name: 'create readme'
-        uses: 'clouddrove/github-actions@v8.0'
+          python-version: 3.x
+      - name: create readme
+        uses: clouddrove/github-actions@v8.0
         with:
-          actions_subcommand: 'readme'
-          github_token: '${{ secrets.GITHUB}}'
+          actions_subcommand: readme
+          github_token: ${{ secrets.GITHUB}}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
-
-
-      - name: 'pre-commit check errors'
+      - name: pre-commit check errors
         uses: pre-commit/action@v2.0.0
         continue-on-error: true
-
-      - name: 'pre-commit fix errors'
+      - name: pre-commit fix errors
         uses: pre-commit/action@v2.0.0
         continue-on-error: true
-
-      - name: 'push readme'
-        uses: 'clouddrove/github-actions@v8.0'
+      - name: push readme
+        uses: clouddrove/github-actions@v8.0
         continue-on-error: true
         with:
-          actions_subcommand: 'push'
+          actions_subcommand: push
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
-
-      - name: 'Slack Notification'
+      - name: Slack Notification
         uses: clouddrove/action-slack@v2
         with:
           status: ${{ job.status }}
           fields: repo,author
-          author_name: 'CloudDrove'
+          author_name: CloudDrove
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }}
         if: always()
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -1,111 +1,119 @@
-name: 'Terraform GitHub Actions'
+name: Terraform GitHub Actions
 on:
   pull_request:
     branches:
       - master
-
 jobs:
   fmt:
-    name: 'terraform fmt'
+    name: terraform fmt
     runs-on: ubuntu-latest
     steps:
-      - name: 'Checkout'
+      - name: Create GitHub App token
+        id: github-app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.InsiderActionsApplication_APP_ID }}
+          private-key: ${{ secrets.InsiderActionsApplication_PRIVATE_KEY }}
+      - name: Checkout
         uses: actions/checkout@v2.3.4
-
-      - name: 'Terraform Format'
-        uses: 'clouddrove/github-actions@v8.0'
+      - name: Terraform Format
+        uses: clouddrove/github-actions@v8.0
         with:
-          actions_subcommand: 'fmt'
-      - name: 'Terraform Format'
-        uses: 'clouddrove/github-actions@v8.0'
+          actions_subcommand: fmt
+      - name: Terraform Format
+        uses: clouddrove/github-actions@v8.0
         with:
-          actions_subcommand: 'fmt'
-
+          actions_subcommand: fmt
   basic:
-    name: 'basic'
+    name: basic
     runs-on: ubuntu-latest
     steps:
-      - name: 'Checkout'
+      - name: Create GitHub App token
+        id: github-app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.InsiderActionsApplication_APP_ID }}
+          private-key: ${{ secrets.InsiderActionsApplication_PRIVATE_KEY }}
+      - name: Checkout
         uses: actions/checkout@v2.3.4
-
-      - name: 'Configure AWS Credentials'
+      - name: Configure AWS Credentials
         uses: clouddrove/configure-aws-credentials@v1
         with:
           aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
           aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
           aws-region: us-east-2
-
-      - name: 'Terraform init for basic'
-        uses: 'clouddrove/github-actions@v8.0'
+      - name: Terraform init for basic
+        uses: clouddrove/github-actions@v8.0
         with:
-          actions_subcommand: 'init'
+          actions_subcommand: init
           tf_actions_working_dir: ./_example/basic
-
-      - name: 'Terraform validate for basic'
-        uses: 'clouddrove/github-actions@v8.0'
+      - name: Terraform validate for basic
+        uses: clouddrove/github-actions@v8.0
         with:
-          actions_subcommand: 'validate'
+          actions_subcommand: validate
           tf_actions_working_dir: ./_example/basic
-
-      - name: 'Terraform plan for basic'
-        uses: 'clouddrove/github-actions@v8.0'
+      - name: Terraform plan for basic
+        uses: clouddrove/github-actions@v8.0
         with:
-          actions_subcommand: 'plan'
+          actions_subcommand: plan
           tf_actions_working_dir: ./_example/basic
-
   complete:
-    name: 'complete'
+    name: complete
     runs-on: ubuntu-latest
     steps:
-      - name: 'Checkout'
+      - name: Create GitHub App token
+        id: github-app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.InsiderActionsApplication_APP_ID }}
+          private-key: ${{ secrets.InsiderActionsApplication_PRIVATE_KEY }}
+      - name: Checkout
         uses: actions/checkout@v2.3.4
-
-      - name: 'Configure AWS Credentials'
+      - name: Configure AWS Credentials
         uses: clouddrove/configure-aws-credentials@v1
         with:
           aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
           aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
           aws-region: us-east-2
-
-      - name: 'Terraform init for complete'
-        uses: 'clouddrove/github-actions@v8.0'
+      - name: Terraform init for complete
+        uses: clouddrove/github-actions@v8.0
         with:
-          actions_subcommand: 'init'
+          actions_subcommand: init
           tf_actions_working_dir: ./_example/complete
-
-      - name: 'Terraform validate complete'
-        uses: 'clouddrove/github-actions@v8.0'
+      - name: Terraform validate complete
+        uses: clouddrove/github-actions@v8.0
         with:
-          actions_subcommand: 'validate'
+          actions_subcommand: validate
           tf_actions_working_dir: ./_example/complete
-
-
   pre-commit:
-    name: 'Pre-Commit'
+    name: Pre-Commit
     needs:
       - fmt
       - basic
       - complete
     runs-on: ubuntu-latest
     steps:
-      - name: 'Checkout'
+      - name: Create GitHub App token
+        id: github-app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.InsiderActionsApplication_APP_ID }}
+          private-key: ${{ secrets.InsiderActionsApplication_PRIVATE_KEY }}
+      - name: Checkout
         uses: actions/checkout@v2.3.4
-
-      - name: 'Install Tflint'
+      - name: Install Tflint
         run: |
           curl https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
-
-      - name: 'Pre-Commit 🔎'
+      - name: Pre-Commit 🔎
         uses: pre-commit/action@v2.0.3
         continue-on-error: true
-
-      - name: 'Slack Notification'
+      - name: Slack Notification
         uses: clouddrove/action-slack@v2
         with:
           status: ${{ job.status }}
           fields: repo,author
-          author_name: 'CloudDrove'
+          author_name: CloudDrove
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }}
         if: always()
