Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Get rid of use of PAT #348

Open
jepler opened this issue Jun 27, 2023 · 1 comment
Open

Get rid of use of PAT #348

jepler opened this issue Jun 27, 2023 · 1 comment

Comments

@jepler
Copy link
Member

jepler commented Jun 27, 2023

The following jobs use secrets.ADABOT_GITHUB_ACCESS_TOKEN which is a classic personal authentication token:

.github/workflows/bundle_cron.yml:        ADABOT_GITHUB_ACCESS_TOKEN: ${{ secrets.ADABOT_GITHUB_ACCESS_TOKEN }}
.github/workflows/learn_cron.yml:        token: ${{ secrets.ADABOT_GITHUB_ACCESS_TOKEN }}
.github/workflows/reports_cron.yml:      ADABOT_GITHUB_ACCESS_TOKEN: ${{ secrets.ADABOT_GITHUB_ACCESS_TOKEN }}
.github/workflows/test.yml:        ADABOT_GITHUB_ACCESS_TOKEN: ${{ secrets.ADABOT_GITHUB_ACCESS_TOKEN }}

When use of classic PATs was disabled, at least "learn_cron" and "bundle_cron" failed.

classic PATs have now been re-enabled at the repo level and the steps seem to succeed now instead of failing. However, we should do something about the use of classic PATs in the long term.

For learn_cron and bundle_cron, one possibility might be to move those items to the cron of learn / bundle, where they will automatically have a token that lets them push to the same repo where the action is running.

attn @kattni please add any info I'm missing or make any corrections, I'm operating on incomplete knowledge here (as we all may be)

@tekktrik
Copy link
Member

I think this is a good idea. This meshes well with my (eventual) plan to try to move repo checks into the actual repo themselves to save on GitHub API rate limiting issues as well as time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants