chore: update token used for approval action #161
Pull request overview
Updates the GitHub Actions workflow used to create and manage infrastructure update pull requests by switching the approval step to use the GitHub App token generated earlier in the job, aligning it with the other workflow steps’ authentication approach.
Changes:
- Switch juliangruber/approve-pull-request-action to use ${{ steps.generate_token.outputs.token }} instead of ${{ secrets.approve-pr-token }}.
| uses: juliangruber/approve-pull-request-action@68fcc9a5a73b5641cadf757cf99d73720dcb05d0 # v2.1.0 | ||
| with: | ||
| github-token: ${{ secrets.approve-pr-token }} | ||
| github-token: ${{ steps.generate_token.outputs.token }} |
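Review bot: On the github-token line, the approval would now be submitted with the same generated App token that, per the overview, the other steps in this job authenticate with. If the step that opens the pull request also uses steps.generate_token.outputs.token, the author and the approver are the same identity, and GitHub does not accept an approving review from a pull request's own author, so this step would fail for a different reason than before. Please confirm which identity opens the PR. If it is the same App, keep a separate reviewer credential for this step, so the approval still comes from a second identity rather than from the one proposing the change.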
Now that the approval step uses steps.generate_token.outputs.token, the workflow-call secret approve-pr-token is unused (it’s only declared, not referenced). Consider removing that secret from on.workflow_call.secrets (or updating callers/docs) to avoid confusion and reduce required secret surface area.
pravindahal left a comment
The intended use of this workflow is to run it on merge to main, and not on PR creation. If you have requirements where you'd want to potentially deploy builds from a branch without it being merged, let's discuss this.
Not sure what you are getting at here. I am not trying to change when the workflow runs 😅
We are getting this error in our pipeline:

Looking at the workflow, it struck me that every other step was using the output from a step for github token, so hoping that is the reason?
This pull request makes a small change to the GitHub Actions workflow for updating the infrastructure repository. The change updates the source of the GitHub token used for the pull request approval step.
github-token input for the juliangruber/approve-pull-request-action is now set to use the token generated in the generate_token step (steps.generate_token.outputs.token) instead of the previous secrets.approve-pr-token.