Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

github-action: use ephemeral tokens with the required permissions #198

Merged
merged 1 commit into from
Sep 18, 2024

Conversation

v1v
Copy link
Member

@v1v v1v commented Sep 9, 2024

Details

⚠️ This PR was created by an automated tool. Please review the changes carefully. ⚠️

What

Use https://github.com/tibdex/github-app-token to generate ephemeral tokens with the required
permissions only

This is the alternative to moving away from finer-grained GitHub tokens and reducing the
cumbersome of rotating them as we do nowadays.

Implementaiton details

We have used the same GitHub action in other places.

If there are any questions, please reach out to the @elastic/observablt-ci

@v1v v1v self-assigned this Sep 9, 2024
@v1v v1v requested a review from a team September 9, 2024 12:22
@v1v
Copy link
Member Author

v1v commented Sep 9, 2024

The CLA checker will cause some disruptions - I'm working on it with the relevant CLA owners. For now, I'll keep this draft to avoid surprises.

@v1v v1v marked this pull request as draft September 9, 2024 14:08
@v1v v1v marked this pull request as ready for review September 16, 2024 10:11
@v1v v1v merged commit 4df3097 into main Sep 18, 2024
11 checks passed
@v1v v1v deleted the gh-oblt/replace-token-with-app branch September 18, 2024 13:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants