Skip to content

ci(coverage): use app token for push (persist-credentials: false) #1466

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sbryngelson merged 1 commit into from
May 30, 2026
+7 −1
Merged

ci(coverage): use app token for push (persist-credentials: false) #1466

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion .github/workflows/coverage-refresh.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,14 @@ jobs:
group: phoenix
labels: gt
steps:
# persist-credentials: false stops actions/checkout from configuring the
# default GITHUB_TOKEN as an http.extraheader, which otherwise OVERRIDES the
# app-token credentials embedded in the push URL below — making the push
# authenticate as github-actions[bot] (not a ruleset bypass actor) and get
# rejected by the require-PR rule. With it off, the app token is used and the
# mfc-map-bot bypass applies.
- uses: actions/checkout@v4
with: { clean: false }
with: { clean: false, persist-credentials: false }
- name: Build + collect coverage map (SLURM)
run: bash .github/scripts/submit-slurm-job.sh .github/workflows/common/coverage-refresh.sh cpu none phoenix
# Mint a short-lived GitHub App installation token. The app is on the master
Expand Down
Loading