Align pull request resource and pullrequest-init #1615
16659a6 to 1a96960
1a96960 to e1f88a9
/test pull-tekton-pipeline-integration-tests
e1f88a9 to 3f58897
The pullrequest-init module reads the token from GITHUB_TOKEN. The pull request resource sets strings.ToUpper('githubToken'), so credentials are not picked up. The environment variable name and the pull request field name do not need to be bound to each other, so keep the pull request field name to 'githubToken' (do not break anyone) - keep the pullrequest-init interface with GITHUB_TOKEN, in case someone uses it outside of the resource, and pass the right env variable to match what pullrequest-init expects.
3f58897 to 3f0689d
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: vdemeester. The full list of commands accepted by this bot can be found here. The pull request process is described here.
githubTokenEnv = "githubToken" | ||
prSource = "pr-source" | ||
githubTokenField = "githubToken" | ||
// nolint: gosec |
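Review bot: the "// nolint: gosec" directive on the last line of this snippet carries no explanation, so a reader cannot tell why a security linter is being silenced right next to constants named after a token. Add a short comment on the same declaration stating that githubTokenEnv and githubTokenField hold names (an environment variable name and a field name), not a secret value, so the suppression is not later mistaken for hiding a real hardcoded credential.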
what's this about? (might be worth a comment of its own)
I can add a comment as a follow-up. gosec thinks that we might be hardcoding credentials in there....
I1126 14:29:17.615] pkg/apis/pipeline/v1alpha1/pull_request_resource.go:30: G101: Potential hardcoded credentials (gosec)
I1126 14:29:17.647] githubTokenEnv = "GITHUB_TOKEN"
oh weird haha
The pullrequest-init module reads the token from GITHUB_TOKEN.
The pull request resource sets strings.ToUpper('githubToken'),
so credentials are not picked up.
The environment variable name and the pull request field name
do not need to be bound to each other, so keep the pull request
field name to 'githubToken' (do not break anyone) - keep the
pullrequest-init interface with GITHUB_TOKEN, in case someone
uses it outside of the resource, and pass the right env
variable to match what pullrequest-init expects.
Changes
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide for more details.
Double check this list of stuff that's easy to miss:
cmd dir, please update the release Task to build and release this image.
Reviewer Notes
If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.
Release Notes
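The mismatch described in the PR text, as an added Go example that is not code from this pull request or from Tekton: it builds the container environment under the old naming rule and under an explicit mapping, then checks both against what the consumer reads. The types SecretParam and EnvVar, all helper names, and the secret name github-creds are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical stand-ins for this example; these are not Tekton's own types.
type SecretParam struct{ FieldName, SecretName, SecretKey string }
type EnvVar struct{ Name, SecretName, SecretKey string }

// What the consumer reads (per the PR text) and the explicit field-to-env mapping.
var consumerEnv = []string{"GITHUB_TOKEN"}
var fieldToEnv = map[string]string{"githubToken": "GITHUB_TOKEN"}

// Old rule upper-cases the field name (GITHUBTOKEN); fixed rule uses the map.
func derivedName(field string) string { return strings.ToUpper(field) }
func mappedName(field string) string  { return fieldToEnv[field] }

// BuildEnv turns secret params into env vars using the given naming rule.
func BuildEnv(secrets []SecretParam, name func(string) string) []EnvVar {
	var env []EnvVar
	for _, s := range secrets {
		if n := name(s.FieldName); n != "" { // skip fields with no mapping
			env = append(env, EnvVar{n, s.SecretName, s.SecretKey})
		}
	}
	return env
}

// MissingEnv lists env vars the consumer requires but the producer never sets.
func MissingEnv(env []EnvVar, required []string) []string {
	set := map[string]bool{}
	for _, e := range env {
		set[e.Name] = true
	}
	var missing []string
	for _, r := range required {
		if !set[r] {
			missing = append(missing, r)
		}
	}
	return missing
}

func main() {
	s := []SecretParam{{"githubToken", "github-creds", "token"}} // constructed sample
	fmt.Println("derived:", MissingEnv(BuildEnv(s, derivedName), consumerEnv))
	fmt.Println("mapped: ", MissingEnv(BuildEnv(s, mappedName), consumerEnv))
}
```

A check like MissingEnv in a unit test fails at build time when the producer and consumer disagree on a variable name, instead of the credential silently not being picked up at run time.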