Skip to content

ci: create workflow to automatically update snapshots#4308

Merged
another-rex merged 1 commit intogoogle:masterfrom
ackama:apitester/update-robot
Nov 18, 2025
Merged

ci: create workflow to automatically update snapshots#4308
another-rex merged 1 commit intogoogle:masterfrom
ackama:apitester/update-robot

Conversation

@G-Rath
Copy link
Copy Markdown
Collaborator

@G-Rath G-Rath commented Nov 4, 2025
edited
Loading

This is based off the robot in osv-scanner

@G-Rath G-Rath force-pushed the apitester/update-robot branch from 13f8f4b to cba995b Compare November 17, 2025 18:22
@G-Rath G-Rath marked this pull request as ready for review November 17, 2025 18:22
another-rex
another-rex approved these changes Nov 18, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@another-rex another-rex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have also added PR_TOKEN_BOT to osv.dev, so this should work immediately

@another-rex another-rex merged commit f962ce6 into google:master Nov 18, 2025
18 checks passed
@G-Rath G-Rath deleted the apitester/update-robot branch November 18, 2025 19:05
@G-Rath
Copy link
Copy Markdown
Collaborator Author

G-Rath commented Nov 18, 2025

@another-rex but did you give the bot permission to access the repository? 😅
image

@another-rex
Copy link
Copy Markdown
Contributor

another-rex commented Nov 18, 2025

Hmm... it should have full access to the repo. Maybe it needs some special token perms?

@G-Rath
Copy link
Copy Markdown
Collaborator Author

G-Rath commented Nov 18, 2025

what about the token itself? its permissions can be scoped to specific repos

@another-rex
Copy link
Copy Markdown
Contributor

another-rex commented Nov 18, 2025
edited
Loading

Ok, made a fine grained token with I think the right types (For some reason fine grained tokens can't actually be scoped to specific repos that is not directly under your name, e.g. this is under google/osv.dev, not osv-robot/osv.dev, so it can't be scoped 🤦 )

Let's see:

https://github.com/google/osv.dev/actions/runs/19482596515

EDIT: Well that didn't work.

@G-Rath
Copy link
Copy Markdown
Collaborator Author

G-Rath commented Nov 18, 2025
edited
Loading

For some reason fine grained tokens can't actually be scoped to specific repos that is not directly under your name, e.g. this is under google/osv.dev, not osv-robot/osv.dev, so it can't be scoped

That should be possible so long as you're a member of the org? (its not possible for repos you've an outside collaborator on)

@another-rex
Copy link
Copy Markdown
Contributor

another-rex commented Nov 18, 2025

Ayy: #4356

I really don't understand fine grained tokens, switched back to classical tokens.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@another-rex another-rex another-rex approved these changes

@michaelkedar michaelkedar Awaiting requested review from michaelkedar

@jess-lowe jess-lowe Awaiting requested review from jess-lowe

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@G-Rath @another-rex