{TEST} debug app-token probe (do not merge)#1045
Conversation
Sample app builds 📱Below you will find the list of the latest versions of the sample apps. |
|
Hey, there @mahmoud-elmorabea 👋🤖. I'm a bot here to help you. I think the title of this pull request is not in the correct format. Follow the instructions below and then edit the pull request title to a valid format. I'll check again after you make an edit 👍. This project uses a special format for pull requests titles. Expand this section to learn more (expand by clicking the ᐅ symbol on the left side of this sentence)...This project uses a special format for pull requests titles. Don't worry, it's easy! This pull request title should be in this format: If your pull request introduces breaking changes to the code, use this format: where
Examples:Need more examples? Want to learn more about this format? Check out the official docs. Note: If your pull request does multiple things such as adding a feature and makes changes to the CI server and fixes some bugs then you might want to consider splitting this pull request up into multiple smaller pull requests. |
SDK binary size reports 📊SDK binary size of this PRSDK binary size diff report vs. main branch |
|
Probe verified — see verdict table. Closing without merge. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## ci/migrate-deploy-to-app-bypass-ruleset #1045 +/- ##
===========================================================================
- Coverage 69.81% 69.80% -0.02%
===========================================================================
Files 220 220
Lines 11650 11650
===========================================================================
- Hits 8134 8132 -2
- Misses 3516 3518 +2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Temporary de-risking probe stacked on top of
ci/migrate-deploy-to-app-bypass-ruleset(#1044).What this proves
actions/create-github-app-tokenmints a token usingCIO_APP_CLIENT_ID+CIO_APP_SECRET.outputs.app-slug == cio-mobile-release(the slug on the ruleset bypass list).actions/checkoutwithtoken:persists the App token into.git/config— meaninggit pushfrom a later step authenticates as the App, not asgithub-actions[bot].Hashes are SHA-256 of token bytes; never the tokens themselves.
Do not merge
This PR exists to verify the App identity end-to-end. Once the workflow run is green, the debug workflow gets dropped from the real-fix PR (#1044).