ci(security): use default GITHUB_TOKEN for git push, not App token#361

Merged
TalZaccai merged 1 commit into
mainfrom
dev/talzacc/fix-pushtoken-auth
Jun 2, 2026

Conversation

@TalZaccai
Contributor

Problem

The fix-dependabot-alerts scheduled run is failing at git push with:

remote: Permission to microsoft/TypeChat.git denied to typeagent-bot[bot].
fatal: ... error: 403

Root cause confirmed via a diagnostic step on a temp branch:

=== Token permissions on microsoft/TypeChat ===
{"admin":false,"maintain":false,"pull":false,"push":false,"triage":false}

The workflow was using the GitHub App token for git push, which requires Contents: write at the App installation level. That's a permission the App didn't have (and shouldn't need to have — it has no business reading repo content for any other reason).

Fix

Match the microsoft/TypeAgent workflow pattern: keep persist-credentials: false on actions/checkout (so the token isn't reachable from untrusted npm install/build/test phases), but at the very end of the job — after all untrusted code has run — re-inject the workflow's own GITHUB_TOKEN, already scoped to contents: write via the workflow-level permissions: block, for the git push.

The App token is now used only where it must be:

  • gh api dependabot/alerts (the default GITHUB_TOKEN can't reach this endpoint)
  • gh pr create / labelling / closing superseded PRs (so the PR identity is the bot, not github-actions)

Verification

Manually triggered a workflow_dispatch run against a temp branch carrying this same patch — it passed git push and opened #360 with the legitimate minimatch patch. Logs: https://github.com/microsoft/TypeChat/actions/runs/26842937700

Cleanup follow-ups

The fix-dependabot-alerts workflow was using the GitHub App token for
git push, which required granting the App `Contents: write` at the
installation level. That permission wasn't (and didn't need to be)
granted, causing the scheduled run to 403 at `git push` with
'Permission to microsoft/TypeChat.git denied to typeagent-bot[bot]'.

Match the TypeAgent workflow pattern instead: keep
`persist-credentials: false` on checkout (so the token isn't reachable
from untrusted `npm` scripts during the verify phase), but at the very
end of the job re-inject the workflow's own GITHUB_TOKEN — already
scoped to `contents: write` via the workflow-level `permissions:`
block — for the git push.

The App token is now used only where it must be:
- `gh api dependabot/alerts` (the default GITHUB_TOKEN can't reach
  this endpoint)
- `gh pr create` / labels / closing superseded PRs (so the PR
  identity is the bot, not github-actions)

Verified end-to-end: a manual workflow_dispatch run against a temp
branch passed git push and opened #360.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
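Added example, not the PR's own workflow file (which is not shown on this page): a minimal fix-dependabot-alerts-style workflow laid out the way the description and commit message above specify, with `persist-credentials: false` on checkout, the App token confined to the alerts API and `gh pr create`, and the default GITHUB_TOKEN re-injected as `GIT_PUSH_TOKEN` only in the final push step. The token-minting action, variable and secret names, schedule and branch name are assumptions.

```yaml
name: fix-dependabot-alerts          # name assumed; the real workflow file is not shown here
on:
  schedule:
    - cron: "0 6 * * 1"              # constructed schedule
  workflow_dispatch:

# Workflow-level grant: this is what scopes the default GITHUB_TOKEN to contents: write.
permissions:
  contents: write

jobs:
  remediate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Keep the checkout token out of .git/config while untrusted npm scripts run below.
          persist-credentials: false

      - name: Mint App token (alerts API and PR identity only, never for git push)
        id: app-token
        uses: actions/create-github-app-token@v1   # assumed minting action
        with:
          app-id: ${{ vars.APP_ID }}               # assumed variable/secret names
          private-key: ${{ secrets.APP_PRIVATE_KEY }}

      - name: List open Dependabot alerts (default GITHUB_TOKEN cannot reach this endpoint)
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
        run: gh api "repos/${GITHUB_REPOSITORY}/dependabot/alerts?state=open" --jq '.[].number'

      - name: Branch and run the untrusted verify phase (the dependency fix itself is omitted)
        run: |
          git switch -c dependabot-fix/minimatch   # constructed branch name
          npm install && npm test

      # Final step: the push credential is injected only after all untrusted code has run.
      - name: Push with the workflow's own GITHUB_TOKEN
        env:
          GIT_PUSH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          git remote set-url origin "https://x-access-token:${GIT_PUSH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
          git push origin HEAD

      - name: Open the PR as the bot identity (App token, not github-actions)
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
        run: gh pr create --fill
```

Because `git remote set-url` writes the token into `.git/config`, the push step has to stay the last place untrusted code could have run before it, which is exactly why the description puts it at the very end of the job.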

Copilot AI left a comment


Pull request overview

Updates the fix-dependabot-alerts workflow to push remediation branches using the workflow-scoped default GITHUB_TOKEN (with contents: write) instead of the GitHub App token, aligning with the intended permission model and avoiding push failures due to missing App installation permissions.

Changes:

  • Adds a dedicated GIT_PUSH_TOKEN environment variable wired to the default GITHUB_TOKEN for authenticated git push.
  • Keeps the GitHub App token (GH_TOKEN) for Dependabot alerts API access and gh pr create so PRs are authored under the bot identity.
  • Switches the git remote set-url used for pushing to use GIT_PUSH_TOKEN rather than the App token.


@TalZaccai TalZaccai merged commit d3acad1 into main Jun 2, 2026
13 checks passed