Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci(release): use github app token for tag push #709

Merged
merged 1 commit into from
Jul 19, 2024

Conversation

project-defiant
Copy link
Contributor

✨ Context

This PR is continuation of testing release of the gentropy Docker image with specific tag, when release is triggered - for more detail check opentargets/issues#3384

🛠 What does this PR implement

🙈 Missing

🚦 Before submitting

  • Do these changes cover one single feature (one change at a time)?
  • Did you read the contributor guideline?
  • Did you make sure to update the documentation with your changes?
  • Did you make sure there is no commented out code in this PR?
  • Did you follow conventional commits standards in PR title and commit messages?
  • Did you make sure the branch is up-to-date with the dev branch?
  • Did you write any new necessary tests?
  • Did you make sure the changes pass local tests (make test)?
  • Did you make sure the changes pass pre-commit rules (e.g poetry run pre-commit run --all-files)?

@project-defiant
Copy link
Contributor Author

@ireneisdoomed, please check the opentargets/issues#3384 (comment)

Copy link
Contributor

@ireneisdoomed ireneisdoomed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So if I understand correctly you are swapping the Github access tokens between the one provided by the action, which generates a token from the Github App, and the secret token created by default.

The difference between them is that the App token can extend the repo's permissions and can be used to trigger workflows, which is why you use it to create the tag with the semantic release.

@@ -34,14 +34,15 @@ jobs:
fetch-depth: 0
repository: opentargets/gentropy
token: ${{ secrets.GITHUB_TOKEN }}
persist-credentials: false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this added for security reasons or because it is needed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actions/checkout#485 - I have added it not to persist this token, as it's not the default one.

@project-defiant
Copy link
Contributor Author

That is correct!

@project-defiant project-defiant merged commit 19ca45e into dev Jul 19, 2024
4 checks passed
@DSuveges DSuveges deleted the 3384-use-token-from-github-app-to-push-tag branch October 1, 2024 11:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants