Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use custom token in release CI #510

Merged
merged 1 commit into from
Aug 19, 2022
Merged

Use custom token in release CI #510

merged 1 commit into from
Aug 19, 2022

Conversation

kachkaev
Copy link
Contributor

@kachkaev kachkaev commented Aug 19, 2022
edited

When you use the repository’s GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository’s GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.

Use a repo scoped Personal Access Token (PAT) created on an account that has write access to the repository that pull requests are being created in. This is the standard workaround and recommended by GitHub. However, the PAT cannot be scoped to a specific repository so the token becomes a very sensitive secret. If this is a concern, the PAT can instead be created for a dedicated machine account that has collaborator access to the repository. Also note that because the account that owns the PAT will be the creator of pull requests, that user account will be unable to perform actions such as request changes or approve the pull request.

@github-actions github-actions bot added the area: infra Relates to version control, CI, CD or IaC (area) label Aug 19, 2022
@kachkaev kachkaev marked this pull request as ready for review August 19, 2022 14:10
@kachkaev kachkaev requested a review from CiaranMn August 19, 2022 14:11
@codecov
Copy link

codecov bot commented Aug 19, 2022

Codecov Report

Merging #510 (d075db2) into main (89e0bac) will increase coverage by 0.05%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main     #510      +/-   ##
==========================================
+ Coverage   62.45%   62.50%   +0.05%     
==========================================
  Files         229      229              
  Lines        3750     3750              
  Branches      904      904              
==========================================
+ Hits         2342     2344       +2     
+ Misses       1109     1104       -5     
- Partials      299      302       +3
Flag Coverage Δ
site-integration 62.50% <ø> (+0.05%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
site/src/pages/login.page.tsx 77.77% <0.00%> (-6.67%) ⬇️
site/src/components/navbar.tsx 94.25% <0.00%> (+1.14%) ⬆️
.../src/components/pages/hub/block-data-container.tsx 86.15% <0.00%> (+1.53%) ⬆️
site/src/components/pages/hub/json-editor.tsx 70.96% <0.00%> (+9.67%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@kachkaev kachkaev enabled auto-merge (squash) August 19, 2022 15:11
@kachkaev kachkaev merged commit 82224c7 into main Aug 19, 2022
@kachkaev kachkaev deleted the ak/use-personal-token-in-release-ci branch August 19, 2022 15:19
This was referenced Aug 25, 2022
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CiaranMn CiaranMn CiaranMn approved these changes

Assignees
No one assigned
Labels
area: infra Relates to version control, CI, CD or IaC (area)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kachkaev @CiaranMn