Pass the token input through on GHES
#427
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
brcrista
changed the title
token input through on GHEStoken input through on GHES
dmitry-shibanov
approved these changes
Jun 12, 2022
marko-zivic-93
approved these changes
Jun 13, 2022
panticmilos
approved these changes
Jun 13, 2022
|
The failing checks are for |
2 tasks
brcrista
added a commit
to ChristopherHX/setup-python
that referenced
this pull request
Aug 5, 2022
…actions#437)" This reverts commit cf86e08.
brcrista
added a commit
that referenced
this pull request
Aug 30, 2022
* Only use github.token on github.com This expression evaluates to `''` if called from GHES hosted elsewhere You can still provide your token on both github.com and GHES * Enshure blank result of expression and not false * Revert "Revert "Pass the `token` input through on GHES (#427)" (#437)" This reverts commit cf86e08. * fix typo * Add back the doc on the tool cache for self-hosted Co-authored-by: Brian Cristante <33549821+brcrista@users.noreply.github.com>
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #229
Description
Customers hit this issue because they have a fleet of self-hosted runners behind a handful of NAT gateways. So, all of those runners look like the same small set of IPs to GitHub.
We currently null out the PAT when we're on GHES. This was done just to avoid confusion and not for any security reason.
Passing a github.com PAT to the
tokeninput is an inexpensive fix that gets the job done without a lot of complexity. While GitHub Connect is the ideal pattern here, usingtokendoesn't seem that bad in this case. The description for the token input says:Users already seem to expect it to be a github.com PAT, and being dropped silently is already unintuitive.
Given that we're not going to fund the GitHub Connect work, I think just removing the code to null out the PAT on GHES and updating the description for
tokento make the behavior clear is the best fix.Testing
Check list