use github app installation token for device repository cloning #422

rcooke-warwick · 2024-10-01T14:30:45Z

This is required for cloning private submodules - as the default behaviour means the token is scoped only to the repository the workflow is running on

Change-type: patch

klutchell · 2024-10-01T14:33:33Z

.github/workflows/yocto-build-deploy.yml

      - name: Create GitHub App installation token
        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
        id: app-token
        if: vars.FLOWZONE_APP_ID != ''
        with:
          app-id: ${{ vars.FLOWZONE_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}


I think the owner is the current org by default, does this actually change anything?

@klutchell if no owner arg is provided the docs say it defaults to repo only scope: https://github.com/actions/create-github-app-token/tree/5d869da34e18e7287c1daad50e0b8ea0f506ce69/?tab=readme-ov-file#create-a-token-for-the-current-repository

Logs on the step in action also show this:

"Run actions/create-github-app-token@5d869da
owner and repositories not set, creating token for the current repository ("balena-raspberrypi")"

actually wait, it looks like my owner arg is ignored in this PR run

ignore me ^ I put it in the wrong place, (leviathan token) , fixing

ok confirmed, now we get an org wide token

Run actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 repositories not set, creating token for all repositories for given owner "balena-os"

will test on a device repo. EDIT: works :)

vipulgupta2048

NIT

.github/workflows/yocto-build-deploy.yml

This is required for cloning private submodules - as the default behaviour means the token is scoped only to the repository the workflow is running on Change-type: patch Signed-off-by: Ryan Cooke <[email protected]>

rcooke-warwick requested a review from klutchell October 1, 2024 14:30

rcooke-warwick had a problem deploying to balena-staging.com October 1, 2024 14:30 — with GitHub Actions Error

klutchell reviewed Oct 1, 2024

View reviewed changes

rcooke-warwick force-pushed the ryan/app-token branch from f35eb7f to 4d7dbc0 Compare October 1, 2024 14:39

rcooke-warwick temporarily deployed to balena-staging.com October 1, 2024 14:44 — with GitHub Actions Inactive

vipulgupta2048 reviewed Oct 1, 2024

View reviewed changes

.github/workflows/yocto-build-deploy.yml Outdated Show resolved Hide resolved

rcooke-warwick marked this pull request as ready for review October 1, 2024 14:54

rcooke-warwick force-pushed the ryan/app-token branch from 4d7dbc0 to ce72de8 Compare October 1, 2024 15:07

flowzone-app bot enabled auto-merge October 1, 2024 15:11

rcooke-warwick temporarily deployed to balena-staging.com October 1, 2024 15:53 — with GitHub Actions Inactive

rcooke-warwick temporarily deployed to balena-cloud.com October 1, 2024 16:44 — with GitHub Actions Inactive

rcooke-warwick force-pushed the ryan/app-token branch from ce72de8 to 81f3978 Compare October 1, 2024 17:19

rcooke-warwick temporarily deployed to balena-staging.com October 1, 2024 17:19 — with GitHub Actions Inactive

klutchell approved these changes Oct 1, 2024

View reviewed changes

rcooke-warwick temporarily deployed to balena-cloud.com October 1, 2024 18:51 — with GitHub Actions Inactive

rcooke-warwick had a problem deploying to balena-cloud.com October 1, 2024 18:51 — with GitHub Actions Failure

vipulgupta2048 approved these changes Oct 1, 2024

View reviewed changes

use github app installation token for device repository cloning

8eff76f

This is required for cloning private submodules - as the default behaviour means the token is scoped only to the repository the workflow is running on Change-type: patch Signed-off-by: Ryan Cooke <[email protected]>

rcooke-warwick force-pushed the ryan/app-token branch from 81f3978 to 8eff76f Compare October 2, 2024 08:48

rcooke-warwick temporarily deployed to balena-staging.com October 2, 2024 08:48 — with GitHub Actions Inactive

rcooke-warwick temporarily deployed to balena-cloud.com October 2, 2024 09:16 — with GitHub Actions Inactive

rcooke-warwick had a problem deploying to balena-cloud.com October 2, 2024 09:16 — with GitHub Actions Error

rcooke-warwick temporarily deployed to balena-cloud.com October 2, 2024 09:16 — with GitHub Actions Inactive

rcooke-warwick temporarily deployed to balena-cloud.com October 2, 2024 10:50 — with GitHub Actions Inactive

flowzone-app bot merged commit e09bdb6 into master Oct 2, 2024
58 checks passed

flowzone-app bot deleted the ryan/app-token branch October 2, 2024 11:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

use github app installation token for device repository cloning #422

use github app installation token for device repository cloning #422

rcooke-warwick commented Oct 1, 2024

klutchell Oct 1, 2024

rcooke-warwick Oct 1, 2024

klutchell Oct 1, 2024

rcooke-warwick Oct 1, 2024

rcooke-warwick Oct 1, 2024

rcooke-warwick Oct 1, 2024

rcooke-warwick Oct 1, 2024 •

edited

Loading

vipulgupta2048 left a comment

use github app installation token for device repository cloning #422

use github app installation token for device repository cloning #422

Conversation

rcooke-warwick commented Oct 1, 2024

klutchell Oct 1, 2024

Choose a reason for hiding this comment

rcooke-warwick Oct 1, 2024

Choose a reason for hiding this comment

klutchell Oct 1, 2024

Choose a reason for hiding this comment

rcooke-warwick Oct 1, 2024

Choose a reason for hiding this comment

rcooke-warwick Oct 1, 2024

Choose a reason for hiding this comment

rcooke-warwick Oct 1, 2024

Choose a reason for hiding this comment

rcooke-warwick Oct 1, 2024 • edited Loading

Choose a reason for hiding this comment

vipulgupta2048 left a comment

Choose a reason for hiding this comment

rcooke-warwick Oct 1, 2024 •

edited

Loading