NH-62724: update secrets for github_action #83
Conversation
| - name: Create release draft that includes the checksum | ||
| uses: actions/github-script@v3 | ||
| with: | ||
| github-token: ${{secrets.CI_GITHUB_TOKEN}} | ||
| github-token: ${{ steps.github-token.outputs.token }} |
There was a problem hiding this comment.
Curious, this was changed from the automatic GITHUB_TOKEN... does it not work for create release (even if given higher privilege) and we really need an Admin-level token like secrets.APPLICATION_PRIVATE_KEY?
There was a problem hiding this comment.
updated wrong link in above comment
There was a problem hiding this comment.
TRACE_BUILD_RUBY_ACTIONS_API_TOKEN (e.g. TRACE_BUILD_TOKEN in the action file) is used in https://github.com/solarwindscloud/swotel-ruby/blob/main/Rakefile#L96-L99. This is a legacy method that verify the oboe file is consistent with the aws bucket downloaded.
For the create release, probably only need the contents: write permission (ref)
There was a problem hiding this comment.
I see. Let's leave the TRACE_BUILD_RUBY_ACTIONS_API_TOKEN as-is then, that Rake task might be useful.
For creating the release, can you update line 84 to use the automatic GITHUB_TOKEN instead?
There was a problem hiding this comment.
Can then remove the Obtain github token step.
| - name: Create release draft that includes the checksum | ||
| uses: actions/github-script@v3 | ||
| with: | ||
| github-token: ${{secrets.CI_GITHUB_TOKEN}} | ||
| github-token: ${{ steps.github-token.outputs.token }} |
There was a problem hiding this comment.
I see. Let's leave the TRACE_BUILD_RUBY_ACTIONS_API_TOKEN as-is then, that Rake task might be useful.
For creating the release, can you update line 84 to use the automatic GITHUB_TOKEN instead?
|
@cheempz Thanks, I have changed to default GITHUB_TOKEN |
verify_install run: https://github.com/solarwindscloud/swotel-ruby/actions/runs/6436219961/job/17479110745