-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using GitHub with GITHUB_TOKEN without Prefix leaks token #1517
Comments
Hmmm can you manage to reproduce the problem with just using I would recommend to use It does not have all the named methods for all the REST API endpoints yet, but you have |
I’m passing Using the action you mentioned could be an alternative. But not sure if that would make a difference In the second example (direct rest call) they ass the bearer prefix: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token#example-calling-the-rest-api Do I need to tell the Oktokit client what kind of token it is? |
I can't tell what exactly is happening, but I don't think that the problem is with I've added the REST API endpoint methods to |
Thanks for the support, I’ll try your implementation 👍🏻 |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
will leak the token on error:
19-11-22T16:44:34.9046342Z (node:2404) UnhandledPromiseRejectionWarning: HttpError: Validation Failed: "Could not resolve to a node with the global id of 'M....c='." 2019-11-22T16:44:34.9047036Z at /home/runner/work/_actions/rowi1de/typescript-action/master/node_modules/@octokit/request/dist-node/index.js:66:23 2019-11-22T16:44:34.9047273Z at processTicksAndRejections (internal/process/task_queues.js:89:5) 201
see actions/typescript-action#40
The text was updated successfully, but these errors were encountered: