-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
To retrieve the JobToken and CredToken directly from the Actions Environment instead of the Input Payload #1162
Merged
honeyankit
merged 12 commits into
main
from
honeyankit/use-env-to-extract-job-cred-tokens
Feb 21, 2024
Merged
To retrieve the JobToken and CredToken directly from the Actions Environment instead of the Input Payload #1162
honeyankit
merged 12 commits into
main
from
honeyankit/use-env-to-extract-job-cred-tokens
Feb 21, 2024
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pavera
approved these changes
Feb 8, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Need to support the backward compatibility so need to support tokens from both jobParameters and Actions environment variables. Edit: Backward support added in this commit: 0bd36fc |
abdulapopoola
approved these changes
Feb 21, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
With the use of the secret source, we provide job tokens/cred tokens to dynamic workflow via Twirp API call instead of passing those tokens as a input parameters to dynamic workflow for Dependabot on Actions. So, we have removed the tokens from the dynamic workflow's payload (behind a feature flag) in Dependabot's API, but the same payload in the dynamic workflow is used by dependabot-actions service (via webhook) to retrieve the job and cred tokens.
In this PR, we are using the Actions CI environment to retrieve the job/cred token which was earlier passed via input job parameters to Dependabot-action service.
Approach
After using the secret source token, we configure the Actions' environment variables through the secret context, embedding both job and credential tokens. This setup ensures that during the CI run of Actions, these tokens are accessible as environment variables for the Dependabot-actions service, allowing for their retrieval