Skip to content
This repository was archived by the owner on Jan 29, 2026. It is now read-only.

[GHA] Fix token to trigger publish workflow#378

Merged
rodrigozhou merged 2 commits intomainfrom
rodrigozhou/fix-trigger-publish
Feb 26, 2025
Merged

[GHA] Fix token to trigger publish workflow#378
rodrigozhou merged 2 commits intomainfrom
rodrigozhou/fix-trigger-publish

Conversation

@rodrigozhou
Copy link
Contributor

@rodrigozhou rodrigozhou commented Feb 22, 2025
edited
Loading

What was changed

Fix token to trigger publish workflow.

Why?

This workflow has been failing for months...

Checklist

  1. Closes

  2. How was this tested:

  1. Any docs updates needed?

@rodrigozhou rodrigozhou enabled auto-merge (squash) February 22, 2025 00:26
josh-berry
josh-berry reviewed Feb 24, 2025
View reviewed changes
.github/workflows/trigger-publish.yml Outdated
steps:
- name: Generate a token
id: generate_token
uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
Copy link

@josh-berry josh-berry Feb 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not loving depending on an external action from some random GitHub user for this TBH. I get that it's pinned to a particular commit, but I worry about what happens if some vulnerability is found in this version that could cause a secret to leak—and I'm not willing to unpin it because that gives this random user access to our CI/CD pipeline and secrets.

Is there another way we can do this using something that comes from a reputable source (internal or external)?

Copy link
Contributor Author

@rodrigozhou rodrigozhou Feb 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We use this Github action in several repos in Temporal to generate the token. There was no alternatives before until Github lauched their own. However, we're still using the former in several repos. I just copied this from another repo.

Anyway, I can replace here with the one provided by Github.

@rodrigozhou rodrigozhou merged commit d31f520 into main Feb 26, 2025
6 checks passed
@rodrigozhou rodrigozhou deleted the rodrigozhou/fix-trigger-publish branch February 26, 2025 17:52
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@josh-berry josh-berry josh-berry approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rodrigozhou @josh-berry