Switch to the official action for managing app tokens
Improve security by switching to the official GitHub action
for managing app tokens. More [details](tibdex/github-app-token#99 (comment)).

The `repositories` key is safe to remove because per
the [docs](https://github.com/actions/create-github-app-token?tab=readme-ov-file#repositories):

> If owner and repositories are empty, access will be scoped to only the current repository.
jeffwidman committed Mar 21, 2024
1 parent 3e1bcb9 commit b1a3bf3
Showing 4 changed files with 12 additions and 16 deletions.
7 changes: 3 additions & 4 deletions .github/workflows/dependabot-auto-merge.yml
@@ -9,11 +9,10 @@ jobs:
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
with:
app_id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private_key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
repositories: "dependabot/fetch-metadata"
app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}

- name: Check out code
uses: actions/checkout@v4
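Review bot: Dropping `repositories` in this hunk is only equivalent to the old explicit `"dependabot/fetch-metadata"` scope as long as `owner` is also left unset; the same README states that setting `owner` without `repositories` scopes the token to every repository in that owner's installation, so a later edit that adds `owner:` here would silently widen the token. A one-line comment next to `private-key:` recording that the omission is deliberate (e.g. `# no owner/repositories: token is scoped to this repository only`) would keep the next editor from "fixing" it.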
7 changes: 3 additions & 4 deletions .github/workflows/dependabot-build.yml
@@ -33,11 +33,10 @@ jobs:
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
with:
app_id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private_key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
repositories: "dependabot/fetch-metadata"
app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}

- uses: actions/checkout@v4
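Review bot: The step keeps `id: generate_token`, so any later `${{ steps.generate_token.outputs.token }}` reference in this workflow keeps working only because both actions expose the token under the output name `token`; since the inputs did change (`app_id` to `app-id`, `private_key` to `private-key`), grep the rest of this file for any other reference to the old action's inputs or outputs before merging so nothing is left pointing at a name that no longer exists.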
with:
7 changes: 3 additions & 4 deletions .github/workflows/release-bump-version.yml
@@ -20,11 +20,10 @@ jobs:
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
with:
app_id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private_key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
repositories: "dependabot/fetch-metadata"
app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}

- uses: actions/checkout@v4
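Review bot: Pinning the `uses:` line to a full commit SHA is the right call, but the trailing `# v1.9.0` comment is documentation only and nothing in the runner checks it against the hash; make sure this repository's Dependabot config covers the `github-actions` ecosystem so the SHA and the version comment are bumped together by tooling rather than edited by hand and allowed to drift.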
with:
7 changes: 3 additions & 4 deletions .github/workflows/release-move-tracking-tag.yml
@@ -30,11 +30,10 @@ jobs:
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
with:
app_id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private_key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
repositories: "dependabot/fetch-metadata"
app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}

- uses: actions/checkout@v4
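Review bot: Pinning is now inconsistent within the step list: `actions/create-github-app-token` is pinned to a commit SHA while `actions/checkout@v4` on the very next step still resolves a mutable tag, and every later step, checkout included, can be handed the freshly minted app token via `${{ steps.generate_token.outputs.token }}`. Pin `actions/checkout` to a SHA with the same `# vX.Y.Z` comment convention so the whole job has one supply-chain posture.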
with: