Skip to content

Commit

Permalink
Switch to the official action for managing app tokens (#504)
Browse files Browse the repository at this point in the history
Improve security by switching to the official GitHub action
for managing app tokens. More [details](tibdex/github-app-token#99 (comment)).

The `repositories` key is safe to remove because per
the [docs](https://github.com/actions/create-github-app-token?tab=readme-ov-file#repositories):

> If owner and repositories are empty, access will be scoped to only the current repository.
  • Loading branch information
jeffwidman authored Mar 21, 2024
1 parent 3e1bcb9 commit e21c9fb
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 16 deletions.
7 changes: 3 additions & 4 deletions .github/workflows/dependabot-auto-merge.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,10 @@ jobs:
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
with:
app_id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private_key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
repositories: "dependabot/fetch-metadata"
app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}

- name: Check out code
uses: actions/checkout@v4
Expand Down
7 changes: 3 additions & 4 deletions .github/workflows/dependabot-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,11 +33,10 @@ jobs:
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
with:
app_id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private_key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
repositories: "dependabot/fetch-metadata"
app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}

- uses: actions/checkout@v4
with:
Expand Down
7 changes: 3 additions & 4 deletions .github/workflows/release-bump-version.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,10 @@ jobs:
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
with:
app_id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private_key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
repositories: "dependabot/fetch-metadata"
app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}

- uses: actions/checkout@v4
with:
Expand Down
7 changes: 3 additions & 4 deletions .github/workflows/release-move-tracking-tag.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,10 @@ jobs:
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
with:
app_id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private_key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
repositories: "dependabot/fetch-metadata"
app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}

- uses: actions/checkout@v4
with:
Expand Down

0 comments on commit e21c9fb

Please sign in to comment.