Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: Switch to GH App token #170

Merged
merged 1 commit into from
Aug 18, 2024
Merged

ci: Switch to GH App token #170

merged 1 commit into from
Aug 18, 2024

Conversation

samuelburnham
Copy link
Member

@samuelburnham samuelburnham commented Aug 18, 2024
edited
Loading

Switches to a GitHub App-generated token instead of a PAT when opening an automated PR via peter-evans/create-pull-request, per the docs (1,2).

The default action behavior is to create a PR using the github-actions bot (e.g. #133). However, this has the limitation of not triggering CI, as the default GITHUB_TOKEN doesn't have permissions to trigger other workflows.

To work around this, we switched to a PAT. However, this changes the PR author to the owner of the PAT, which means that the author isn't allowed to review their own PR.

This PR thus switches to an ephemeral GitHub App token created by the argument-ci-bot app, which is scoped to the https://github.com/argumentcomputer org and specific repositories for security.

Successful run: #172

@samuelburnham samuelburnham force-pushed the ci-app-token branch 6 times, most recently from 44827df to 12c980a Compare August 18, 2024 17:15
@samuelburnham samuelburnham marked this pull request as ready for review August 18, 2024 17:28
huitseeker
huitseeker approved these changes Aug 18, 2024
View reviewed changes
Copy link
Contributor

@huitseeker huitseeker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent, thanks for digging into this long-standing annoyance!

@samuelburnham samuelburnham merged commit c4041b3 into dev Aug 18, 2024
12 checks passed
@samuelburnham samuelburnham deleted the ci-app-token branch August 18, 2024 20:27
@samuelburnham samuelburnham mentioned this pull request Aug 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@huitseeker huitseeker huitseeker approved these changes

@wwared wwared Awaiting requested review from wwared

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@samuelburnham @huitseeker