Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use read-only token for Danger #2352

Merged
merged 1 commit into from
May 19, 2021
Merged

Use read-only token for Danger #2352

merged 1 commit into from
May 19, 2021

Conversation

pgwillia
Copy link
Member

@pgwillia pgwillia commented May 19, 2021
edited
Loading

Context

Starting March 1st, 2021 workflow runs that are triggered by Dependabot from push, pull_request, pull_request_review, or pull_request_review_comment events will be treated as if they were opened from a repository fork. This means they will receive a read-only GITHUB_TOKEN and will not have access to any secrets available in the repository.

Note that this DOES NOT allow developers the possibility to propose change sets from a fork of the repository. This hasn't been possible since the policy change in Travis.

Related to #2082

What's New

Changed Danger github action to use the read-only GITHUB_TOKEN and the GithubActions bot.

@pgwillia
Use read-only token for Danger
0c7cca9 
Starting March 1st, 2021 workflow runs that are triggered by Dependabot from push, pull_request, pull_request_review, or pull_request_review_comment events will be treated as if they were opened from a repository fork. This means they will receive a read-only GITHUB_TOKEN and will not have access to any secrets available in the repository.
@pgwillia pgwillia force-pushed the 2282_danger_token branch 2 times, most recently from a7e36fc to 4524b69 Compare May 19, 2021 20:30
@pgwillia
Copy link
Member Author

pgwillia commented May 19, 2021
edited
Loading

image
This is not what I was expecting. I am currently trying to get Danger to comment/warn.

Interestingly GITHUB_TOKEN is only passed on pull_requests, not on push.
image
image

@pgwillia pgwillia changed the title 2282 danger token Use read-only token for Danger May 19, 2021
@pgwillia pgwillia force-pushed the 2282_danger_token branch from 4524b69 to 0c7cca9 Compare May 19, 2021 20:50
ConnorSheremeta
ConnorSheremeta approved these changes May 19, 2021
View reviewed changes
Copy link
Contributor

@ConnorSheremeta ConnorSheremeta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pgwillia pgwillia merged commit e460d2a into integration May 19, 2021
@pgwillia pgwillia deleted the 2282_danger_token branch May 19, 2021 21:15
@pgwillia pgwillia restored the 2282_danger_token branch July 12, 2021 19:15
@pgwillia pgwillia mentioned this pull request Jul 12, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ConnorSheremeta ConnorSheremeta ConnorSheremeta approved these changes

@lagoan lagoan Awaiting requested review from lagoan lagoan is a code owner

@mbarnett mbarnett Awaiting requested review from mbarnett

@murny murny Awaiting requested review from murny

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pgwillia @ConnorSheremeta