GHA-184 Add GitHub token for private rspec repository access #91
nils-werner-sonarsource merged 2 commits into master from
…etadata The rspec repository is now private, requiring authentication. This adds a GitHub token from vault and passes it as GITHUB_TOKEN env variable to the rule-api execution step. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…cess The -its token does not have read access to SonarSource/rspec. Use -rspec-read which matches the pattern used by sonar-rule-api's own CI. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SonarQube reviewer guide
Summary: Add vault secret retrieval and CI validation for GitHub token used to access private rspec repository.
Review Focus: Verify that the GitHub token vault configuration (new secret path
Start review at:

This pull request enhances the update-rule-metadata GitHub Action by integrating support for securely retrieving and using a GitHub token from Vault for accessing a private rspec repository. It also adds automated tests to verify the correct configuration and usage of Vault secrets and environment variables. Documentation has been updated to reflect these new requirements and dependencies.

Vault Integration and Environment Variable Handling:

development/github/token/{REPO_OWNER_NAME_DASH}-rspec-read token from Vault in the update-rule-metadata/action.yml, mapping it to the GITHUB_TOKEN environment variable for use in the rule-api execution step. [1] [2]

Test with RPG: https://github.com/SonarSource/sonar-rpg/commit/941329c4daa4f966b3dc152857a5b9359c68b952
Proof-of-concept: https://github.com/SonarSource/sonar-rpg/actions/runs/22098525058