From 38b59756e9b49998599e11e80146fa69cb427603 Mon Sep 17 00:00:00 2001 From: michaelpineirocontentful Date: Wed, 28 Jan 2026 13:29:14 -0700 Subject: [PATCH 1/7] feat: [ARC-708] add referencingEntryId to resources types release From f523c5f6d71d57e7c0ed9e39941276b19636ba98 Mon Sep 17 00:00:00 2001 From: michaelpineirocontentful Date: Wed, 28 Jan 2026 13:29:14 -0700 Subject: [PATCH 2/7] fix: contentful/node-apps-toolkit.git-denied-to-github-actions-bot --- .github/workflows/pages-build-deployment.yml | 22 +++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pages-build-deployment.yml b/.github/workflows/pages-build-deployment.yml index e5be585a..aea36bc1 100644 --- a/.github/workflows/pages-build-deployment.yml +++ b/.github/workflows/pages-build-deployment.yml @@ -9,14 +9,34 @@ on: permissions: contents: read pages: write + id-token: write jobs: build: runs-on: ubuntu-latest steps: + - name: Retrieve Secrets from Vault + id: vault + uses: hashicorp/vault-action@v3.4.0 + with: + url: ${{ secrets.VAULT_URL }} + role: ${{ github.event.repository.name }}-github-action + method: jwt + path: github-actions + exportEnv: false + secrets: | + secret/data/github/github_packages_write GITHUB_PACKAGES_WRITE_TOKEN | GITHUB_PACKAGES_WRITE_TOKEN; + github/token/${{ github.event.repository.name }}-semantic-release token | GITHUB_TOKEN ; + secret/data/github/automation-app-user GH_USER_NAME | GIT_COMMITTER_NAME ; + secret/data/github/automation-app-user GH_USER_EMAIL | GIT_COMMITTER_EMAIL ; + - name: Checkout Repository uses: actions/checkout@v3 + with: + fetch-depth: 0 + ref: ${{ github.event.workflow_run.head_branch || github.ref }} + token: ${{ steps.vault.outputs.GITHUB_TOKEN }} - name: Set up Node.js uses: actions/setup-node@v3 
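Review bot: The `Checkout Repository` step hands the Vault-issued token to `actions/checkout@v3` without `persist-credentials: false`, so by default the token is written into the workspace's git configuration and stays readable by every later step of the job. The steps after checkout (Node setup and whatever install/build follows, outside this hunk) run dependency code in that workspace alongside a credential minted from the `github/token/<repo>-semantic-release` path. The deploy step receives the token explicitly through `github_token`, so the checkout most likely does not need to keep it; add `persist-credentials: false` under the checkout's `with:`. The same step is re-added unchanged in PATCH 7/7.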
@@ -32,6 +52,6 @@ jobs: - name: Deploy to GitHub Pages uses: peaceiris/actions-gh-pages@v4 with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.vault.outputs.GITHUB_TOKEN }} publish_dir: ./docs publish_branch: gh-pages From c3f906d24716d599ad2d41610d6e032707b69de7 Mon Sep 17 00:00:00 2001 From: michaelpineirocontentful Date: Wed, 28 Jan 2026 14:04:27 -0700 Subject: [PATCH 3/7] fix: contentful/node-apps-toolkit.git-denied-to-github-actions-bot --- .contentful/vault-secrets.yaml | 1 + .github/workflows/pages-build-deployment.yml | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/.contentful/vault-secrets.yaml b/.contentful/vault-secrets.yaml index c8b17a22..0de1fb6b 100644 --- a/.contentful/vault-secrets.yaml +++ b/.contentful/vault-secrets.yaml @@ -6,4 +6,5 @@ services: circleci: policies: - semantic-release-ecosystem + - semantic-release - packages-read diff --git a/.github/workflows/pages-build-deployment.yml b/.github/workflows/pages-build-deployment.yml index aea36bc1..951feb6c 100644 --- a/.github/workflows/pages-build-deployment.yml +++ b/.github/workflows/pages-build-deployment.yml @@ -26,7 +26,6 @@ jobs: path: github-actions exportEnv: false secrets: | - secret/data/github/github_packages_write GITHUB_PACKAGES_WRITE_TOKEN | GITHUB_PACKAGES_WRITE_TOKEN; github/token/${{ github.event.repository.name }}-semantic-release token | GITHUB_TOKEN ; secret/data/github/automation-app-user GH_USER_NAME | GIT_COMMITTER_NAME ; secret/data/github/automation-app-user GH_USER_EMAIL | GIT_COMMITTER_EMAIL ; From 3e6cbf02b23437f136fe0e11d317b245833f91e0 Mon Sep 17 00:00:00 2001 From: michaelpineirocontentful Date: Wed, 28 Jan 2026 14:14:29 -0700 Subject: [PATCH 4/7] fix: semantic-release GH policy --- .contentful/vault-secrets.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.contentful/vault-secrets.yaml b/.contentful/vault-secrets.yaml index 0de1fb6b..296e1e29 100644 --- a/.contentful/vault-secrets.yaml 
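Review bot: `peaceiris/actions-gh-pages@v4` is a third-party action referenced by a movable tag, and with `github_token: ${{ steps.vault.outputs.GITHUB_TOKEN }}` it now receives a Vault-minted credential, so the workflow's `permissions:` block no longer bounds what the token handed to it can do. The token is read from a path ending in `-semantic-release`, which by its name is presumably scoped for releases rather than for pushing to `gh-pages`. If the original failure was only the built-in token lacking write access (the workflow sets `contents: read`), granting `contents: write` to this job and keeping `secrets.GITHUB_TOKEN` would be the narrower fix. Otherwise, a Vault role limited to this deployment and pinning the action to a full commit SHA would reduce the exposure. PATCH 7/7 reintroduces the same line.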
+++ b/.contentful/vault-secrets.yaml @@ -3,6 +3,7 @@ services: github-action: policies: - dependabot + - semantic-release circleci: policies: - semantic-release-ecosystem From d72127f19cc43e3a91c35826b2f74b06b02bdd08 Mon Sep 17 00:00:00 2001 From: Michael Pineiro Date: Wed, 28 Jan 2026 13:39:38 -0700 Subject: [PATCH 5/7] feat: [ARC-708] add referencingEntryId to resources types release (#812) From 94e0052afe2d60650a1d3d8a83677a2761d0ce21 Mon Sep 17 00:00:00 2001 From: michaelpineirocontentful Date: Wed, 28 Jan 2026 14:32:57 -0700 Subject: [PATCH 6/7] fix: remove vault steps so that the build can pass with new vault setup fix: remove semantic release ecosystem --- .circleci/config.yml | 2 +- .contentful/vault-secrets.yaml | 1 - .github/workflows/pages-build-deployment.yml | 21 +------------------- 3 files changed, 2 insertions(+), 22 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 05cd8511..7c9b1539 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -61,7 +61,7 @@ jobs: steps: - checkout - vault/get-secrets: - template-preset: "semantic-release-ecosystem" + template-preset: "semantic-release" - run: echo "//npm.pkg.github.com/:_authToken=${GITHUB_PACKAGES_WRITE_TOKEN}" > ~/.npmrc - run: echo "@contentful:registry=https://npm.pkg.github.com" >> ~/.npmrc - node/install: diff --git a/.contentful/vault-secrets.yaml b/.contentful/vault-secrets.yaml index 296e1e29..74f4fb74 100644 --- a/.contentful/vault-secrets.yaml +++ b/.contentful/vault-secrets.yaml @@ -6,6 +6,5 @@ services: - semantic-release circleci: policies: - - semantic-release-ecosystem - semantic-release - packages-read diff --git a/.github/workflows/pages-build-deployment.yml b/.github/workflows/pages-build-deployment.yml index 951feb6c..e5be585a 100644 --- a/.github/workflows/pages-build-deployment.yml +++ b/.github/workflows/pages-build-deployment.yml 
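Review bot: Adding `semantic-release` under `github-action` attaches that policy next to `dependabot` on what appears to be the single Vault role all GitHub Actions workflows in this repository use (`<repo>-github-action` in the workflow from PATCH 2/7). What the policy grants is not visible here, but if it covers release or package-publish credentials, any workflow that requests `id-token: write` could read them, not only the Pages deployment. If the schema allows it, a narrower policy dedicated to the docs deployment would keep the grant minimal. At minimum, add a comment above the entry such as `# needed by pages-build-deployment.yml to push gh-pages` so the grant can be audited later.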
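Review bot: The `run` step right after this change writes `${GITHUB_PACKAGES_WRITE_TOKEN}` into `~/.npmrc`, so switching `template-preset` to `"semantic-release"` is only safe if that preset still exports the variable, and the preset contents are not shown in this diff. If it does not, the shell expands the variable to an empty string and the job continues with a bare `_authToken=` line, failing later with a less obvious registry error. A guard before the write, for example `- run: test -n "${GITHUB_PACKAGES_WRITE_TOKEN}"`, would make the failure immediate and clearly attributable. The job body continues outside the hunk.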
@@ -9,33 +9,14 @@ on: permissions: contents: read pages: write - id-token: write jobs: build: runs-on: ubuntu-latest steps: - - name: Retrieve Secrets from Vault - id: vault - uses: hashicorp/vault-action@v3.4.0 - with: - url: ${{ secrets.VAULT_URL }} - role: ${{ github.event.repository.name }}-github-action - method: jwt - path: github-actions - exportEnv: false - secrets: | - github/token/${{ github.event.repository.name }}-semantic-release token | GITHUB_TOKEN ; - secret/data/github/automation-app-user GH_USER_NAME | GIT_COMMITTER_NAME ; - secret/data/github/automation-app-user GH_USER_EMAIL | GIT_COMMITTER_EMAIL ; - - name: Checkout Repository uses: actions/checkout@v3 - with: - fetch-depth: 0 - ref: ${{ github.event.workflow_run.head_branch || github.ref }} - token: ${{ steps.vault.outputs.GITHUB_TOKEN }} - name: Set up Node.js uses: actions/setup-node@v3 @@ -51,6 +32,6 @@ jobs: - name: Deploy to GitHub Pages uses: peaceiris/actions-gh-pages@v4 with: - github_token: ${{ steps.vault.outputs.GITHUB_TOKEN }} + github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: ./docs publish_branch: gh-pages From d69d71808891854aa44efb764532f2c2dcdd4ce3 Mon Sep 17 00:00:00 2001 From: michaelpineirocontentful Date: Wed, 28 Jan 2026 15:22:04 -0700 Subject: [PATCH 7/7] chore: add vault secrets --- .github/workflows/pages-build-deployment.yml | 21 +++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pages-build-deployment.yml b/.github/workflows/pages-build-deployment.yml index e5be585a..2b5b0b6b 100644 --- a/.github/workflows/pages-build-deployment.yml +++ b/.github/workflows/pages-build-deployment.yml 
@@ -9,14 +9,33 @@ on: permissions: contents: read pages: write + id-token: write jobs: build: runs-on: ubuntu-latest steps: + - name: Retrieve Secrets from Vault + id: vault + uses: hashicorp/vault-action@v3.4.0 + with: + url: ${{ secrets.VAULT_URL }} + role: ${{ github.event.repository.name }}-github-action + method: jwt + path: github-actions + exportEnv: false + secrets: | + github/token/${{ github.event.repository.name }}-semantic-release token | GITHUB_TOKEN ; + secret/data/github/automation-app-user GH_USER_NAME | GIT_COMMITTER_NAME ; + secret/data/github/automation-app-user GH_USER_EMAIL | GIT_COMMITTER_EMAIL ; + - name: Checkout Repository uses: actions/checkout@v3 + with: + fetch-depth: 0 + ref: ${{ github.event.workflow_run.head_branch || github.ref }} + token: ${{ steps.vault.outputs.GITHUB_TOKEN }} - name: Set up Node.js uses: actions/setup-node@v3 @@ -32,6 +51,6 @@ jobs: - name: Deploy to GitHub Pages uses: peaceiris/actions-gh-pages@v4 with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.vault.outputs.GITHUB_TOKEN }} publish_dir: ./docs publish_branch: gh-pages
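Review bot: `ref: ${{ github.event.workflow_run.head_branch || github.ref }}` picks the branch to build from event data while the job holds `id-token: write` and a Vault-issued token. The `on:` triggers sit above this hunk, so whether `workflow_run` can fire is not visible. If it can, `head_branch` comes from the triggering run, and the install and build steps would execute that branch's content with these credentials. If the trigger is unused, simplify to `ref: ${{ github.ref }}`; if it is used, gate the job on the triggering run coming from this repository, e.g. `if: github.event.workflow_run.head_repository.full_name == github.repository`. Separately, the `GIT_COMMITTER_NAME` and `GIT_COMMITTER_EMAIL` outputs requested in the Vault step are not referenced in the lines shown and could be dropped from `secrets:` if nothing outside the hunk uses them.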