To retrieve the JobToken and CredToken directly from the Actions Environment instead of the Input Payload #1162

Merged
merged 12 commits into from
Feb 21, 2024


@honeyankit honeyankit commented Feb 8, 2024

Context

With the use of the secret source, we provide job tokens/cred tokens to the dynamic workflow via a Twirp API call instead of passing those tokens as input parameters to the dynamic workflow for Dependabot on Actions. So, we have removed the tokens from the dynamic workflow's payload (behind a feature flag) in Dependabot's API, but the same payload in the dynamic workflow is used by the dependabot-actions service (via webhook) to retrieve the job and cred tokens.

In this PR, we are using the Actions CI environment to retrieve the job/cred tokens, which were earlier passed via input job parameters to the Dependabot-action service.

// Retrieve jobToken and credentialsToken from environment variables
const jobToken = process.env.GITHUB_DEPENDABOT_JOB_TOKEN
const credentialsToken = process.env.GITHUB_DEPENDABOT_CRED_TOKEN

Approach

After using the secret source token, we configure the Actions' environment variables through the secret context, embedding both job and credential tokens. This setup ensures that during the CI run of Actions, these tokens are accessible as environment variables for the Dependabot-actions service, allowing for their retrieval.

@honeyankit honeyankit self-assigned this Feb 8, 2024
@honeyankit honeyankit marked this pull request as ready for review February 8, 2024 20:30
@honeyankit honeyankit requested a review from a team as a code owner February 8, 2024 20:30

@pavera pavera left a comment

LGTM

honeyankit commented Feb 8, 2024

Need to support backward compatibility, so we need to support tokens from both jobParameters and Actions environment variables.

Edit: Backward support added in this commit: 0bd36fc
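
The backward-compatible lookup discussed above, as an added example (not the code merged in this PR): each token is taken from the Actions environment first and from the legacy input payload only if the environment value is absent, and the lookup fails closed without echoing any token value. The `resolveTokens` helper and the payload field names `jobToken` and `credentialsToken` are assumptions; the environment variable names are the ones in the PR description.

```javascript
// Added example: hypothetical helper, not the project's own implementation.

// Environment variable names as shown in the PR description.
const ENV_NAMES = {
  jobToken: 'GITHUB_DEPENDABOT_JOB_TOKEN',
  credentialsToken: 'GITHUB_DEPENDABOT_CRED_TOKEN'
}

// Treat unset, non-string and whitespace-only values as absent.
function nonEmpty(value) {
  return typeof value === 'string' && value.trim() !== '' ? value.trim() : undefined
}

// Prefer the Actions environment; fall back to the legacy input payload.
// The payload field names (jobToken, credentialsToken) are assumptions.
function resolveTokens(env, jobParameters = {}) {
  const resolved = {}
  const sources = {}
  for (const [key, envName] of Object.entries(ENV_NAMES)) {
    const fromEnv = nonEmpty(env[envName])
    const fromPayload = nonEmpty(jobParameters[key])
    if (fromEnv !== undefined) {
      resolved[key] = fromEnv
      sources[key] = 'environment'
    } else if (fromPayload !== undefined) {
      resolved[key] = fromPayload
      sources[key] = 'payload'
    } else {
      // Fail closed, naming the variable but never a token value.
      throw new Error(`missing ${key}: set ${envName} or pass it in the job payload`)
    }
  }
  // `sources` is safe to log; the token values are not.
  return { ...resolved, sources }
}

// Constructed sample input: new-style run (env set, payload carries no tokens).
const sampleEnv = {
  GITHUB_DEPENDABOT_JOB_TOKEN: 'job-token-example',
  GITHUB_DEPENDABOT_CRED_TOKEN: 'cred-token-example'
}
console.log(resolveTokens(sampleEnv, { jobId: 1 }).sources)
```

Logging only `sources` shows which path each token came from while the feature flag rolls out, without writing a secret to the job log.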

@honeyankit

Tested this branch to retrieve jobToken and CredToken directly from the Action environment and it works:

image

@honeyankit

After merge conflict, I tested my changes successfully

image

@honeyankit honeyankit merged commit b6934e3 into main Feb 21, 2024
9 checks passed
@honeyankit honeyankit deleted the honeyankit/use-env-to-extract-job-cred-tokens branch February 21, 2024 01:25